It has become the old story now; cybercriminals steal users’ information, and customers or members are notified by hosting or social media websites. The customer’s situation is a complete mess; they shared the details with complete trust, and how such big websites get compromised. Wasn’t their security enough to stop hackers? The situation becomes salacious when they know that the hacker’s group is anonymous.

The companies claim the complete security of their user’s data and promise that they won’t be sharing or selling with 3-party companies without the user’s consent. But what if hackers breach the data? Why don’t companies take security as the topmost priority to stop such breaches? After the data gets compromised, news often comes out from such companies that the cyber security team has taken remedial action and then starts assuring customers with high priority security and privacy. The worst is when companies don’t know about such leaks for even months.

The mysterious online hacker community Anonymous always remains in news headlines. In February, a Twitter account with 7.9 million followers named “Anonymous” declared a “cyberwar” against Russia and its president, Vladimir Putin. The group claimed responsibility for cyberattacks that disabled websites and leaked Russian government agencies, state-run news outlets, and corporations’ data.

The Anonymous hacktivists employ coordinated cyberattacks against various world governments, corporations, or other groups, often in the name of social or political causes. On March 6, 2022, Anonymous claims to have hacked into the Russian streaming services Wink and Ivi (like Netflix) and live TV channels Russia 24, Channel One, and Moscow 24 to broadcast war footage from Ukraine. But that doesn’t make them heroes. Let’s have a look at their past deeds.

On November 17, 2021, Godaddy, an Internet domain and web hosting company based in New York, revealed a hack on September 6, 2021, which exposed its 1.2 million customers’ emails and numbers, putting them at risk of phishing attacks. An attacker sends a fraudulent message designed to trick the victim into giving them sensitive information. The company filed an incident report with the Securities and Exchange Commission (SEC) stating that it had identified ‘suspicious activity in its Managed WordPress hosting environment by an unauthorized third party. They immediately began an investigation with the help of an IT forensics firm and contacted law enforcement. SSH File Transfer Protocol, a network protocol that provides file access, transfer, and management over a data stream, and database usernames and passwords got exposed for active customers. The company immediately blocked the unauthorized third party and reset both passwords.

The company spokesperson said: ‘We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.’

Why are hackers so high? Can they impact thousands of websites and bring down businesses? Even with so many protections, firewalls, anti-malware, anti-viruses, and best security, how the hosting accounts get compromised still is beyond one’s thinking.

It’s not only Godaddy; almost every big company is the target of hackers. Amazon’s Twitch, a video streaming service, suffered a data leak after an anonymous hacker posted a computer file containing a vast amount of data for the public to access. Users Called ‘Disgusting Toxic Cesspool’ in a post on 4chan by a hacker. CNBC reported that the data leak included details on payments to content creators and an unreleased product from Amazon Game Studios.

Most companies use two-factor authentication (2FA), but not all their customers or members use the same. The companies always recommend changing passwords periodically. It’s time for users to know the difference between public and private information, ‘what to be shared and what not to be.’ Undoubtedly, the threats of cybercriminals will remain in the future also, but it’s the company’s and user alertness that can minimize hacking possibilities.

Security researchers claim that hackers and cybercriminals attack big web hosting companies and domain registrars. There is an increase in backdoor payload attacks against the big hosting providers. Wordfence, a popular security service, analyzes that the WordPress hosting providers and resellers gets the most affected.

The hackers exploit the vulnerabilities, gain access to configuration wp-config.php, and modify parameters to have complete control. They get a template that refers users to pharmaceutical sector spam links and injects malicious pages into search engines results. The spam templates intend to incite victims to purchase fake products, exposing money and payment details to the threat actors. The hackers with complete control alter or modify website content like links, titles, menus, or images; thus, the site appears compromised instead of the original one.

Cybercriminals steal data, passwords, and users’ personal information. The hosting customers prioritize protection and want absolute and higher standards of security measures for their websites, emails, and other resources they host on servers. Thus, the website’s reputation is maintained. The user experiences get impacted, leading to a negative experience and losing trust with website downtime or affected vulnerabilities. The website security threat leads to potential financial losses; thus, hosting consumers want to strengthen digital presence security and take a longer-term view on protecting the investment.

Over 90% of GoDaddy APAC customers participating in its 2021 Global Website Security Survey consider cyber security important for small businesses. Nearly 80% of respondents agreed that small businesses are at risk of cyberattacks. At the same time, half said they had already experienced a security breach, and a third described themselves as unsure of how to deal with a cyberattack.

The hosting providers always advise their customers to keep everything updated and upgraded. Wordfence strongly recommends that users scan the wp-config.php file immediately to detect potential backdoor injections.

Last year in November 2021, up to 1.2 million users of Godaddy’s WordPress websites got affected by an unauthorized attack. GoDaddy In. empowers millions of entrepreneurs worldwide looking to expand their online presence. The hosting provider offers tools for domains, website creation, e-commerce, content creation, and online security capabilities like Firewall and malware protections, site cleanups, and secure backups to help safeguard your customers’ and business information.

A web hosting service started in 1994 by David Bohnett and John Rezner, and it was the third most visited website on the world wide web. Earlier named Beverly Hills Internet (BHI), a small Web hosting and development company in Southern California, later renamed GeoCities. It allowed registered users called ‘Homesteaders’ to create and publish home pages and e-mail addresses, chat, bulletin boards, and community elements with neighborhoods they wanted to belong to with 2 M.B. of space provided. The neighborhood was part of the member’s Web address along with a sequentially assigned “street address” number to make the URL unique (for example, “www.geocities.com/RodeoDrive/number”). 

According to their content, the users select cities or regions to list hyperlinks to their web pages like computer-related were placed in ‘SiliconValley, and entertainment placed with ‘Hollywood.’ GeoCities included GeoCities Marketplace, a commercial website, which sold GeoCities-branded merchandise.

The users need to provide personally-identifying and demographic information when they register for the website. In the privacy statement on its New Member Application Form, the website promises not to give anyone personally-identifying information without the user’s permission. The visitors can browse user-created websites by their theme or interest. They enjoyed the user-created websites and built a profound community.

In 1999, FTC received a complaint against GeoCities that it violated provisions of (the Federal Trade Commission Act, precisely 15 USC & 45. The act states, “Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.” The agency found GeoCities engaged in deceptive acts and practices in contravention of their stated privacy act. The website sold personal information to third parties who used the information for purposes other than those for which members gave permission. The website illegally permitted third-party advertisers to promote products targeted to GeoCities’ 1.8 million users by using personally identifiable information obtained in the registration process. Subsequently, a consent order was entered into, which prohibits GeoCities from misrepresenting the purpose for which it collects uses personal identifying information from consumers. 

On January 28, 1999. Yahoo Inc. acquired the GeoCities hosting service for $3.57 billion in stock and abandoned this practice to favor Yahoo member names in the URLs.

In July 1999, Yahoo! switched from the neighborhood and street addresses Uniform Resource Locators (URLs) for homesteaders to “vanity” URLs through members’ registration names Yahoo! (“www.geocities.com/membername”). This service was offered previously only as a premium.

 Later in October 2009, the United States GeoCities services came to an end. Yahoo terminated the most user-written website with at least 38 million pages – The vintage personal web hosting site got farewell on October 26, 2009. Yahoo asked and encouraged users to download content to computers if they want to rebuild them on another site, as they won’t be archiving user pages. Yahoo urged users to try the company’s pay Web-hosting service. The company introduced a for-fee premium hosting service at GeoCities. It reduced the accessibility of free and low-price hosting accounts by limiting their data transfer rate for Web page visitors.

By 2008, the domain geocities.com attracted at least 177 million visitors annually and had 18.9 million unique visitors from the U.S. during March 2006. Later in March 2008, it decreased to 15.1 million unique U.S visitors and in March 2009 had 11.5 million unique visitors.

GeoCities Joined a long list of other services, including Yahoo! 360, My Web, Yahoo! Briefcase Farechase, LAUNCHcast, My Web, Audio Search, Pets, Photos, Live, Kickstart, etc. Web messenger and teachers prioritize their products and services to deliver the best products to consumers. The visitors looking for GeoCities won’t find flashing banner ads, questionable color schemes, guest books, streaming HTML marquee tags, and omnipresent “Under Construction” signs. The site touched the hearts of millions of users that “RIP GeoCities” was a trending topic on Twitter. The website where millions first tried their hands at coding and designing before Yahoo scrubbed it.