opinion

Bits and Bytes: Update Your Site to Avoid Massive Data Breaches

Bits and Bytes: Update Your Site to Avoid Massive Data Breaches

When it comes to web hosting, one of the great cautionary tales centers on Equifax, a goliath of the data industry. Anyone who lives in the United States (even the shut-ins, given the social media storm that ensued) surely remembers the Equifax data breach fiasco. The only positive was that everyone affected was going to be paid $125. Even though you never actually saw a penny of that money, their corporate coffers could have been half a billion dollars richer had they kept their software up to date.

As one of the top three credit rating agencies in the US, Equifax provides the data used by most consumers to get loans, credit, perform background check services and various other intrusive personal data-derived services.

When operating a site, it is crucial to set up an ongoing process to ensure that it remains updated and secured.

In 2013, a staggering data breach of some of the most personal financial data on 143 million people (mostly Americans) was one of the worst that had ever occurred. The breach was especially heinous, given that the information was a veritable ready-to-go kit for identity thieves. The data therein contained more than enough financial information to open credit lines, conduct financial transactions and more.

In response, Equifax did what many irresponsible companies would do. They stonewalled, lied to the public (and Congress) and set up a giant settlement fund for the victims affected. Then, they managed to pay all that money to lawyers and other big companies so that anyone directly affected got nothing but a heartfelt promise that Equifax would definitely, certainly, sincerely, never (ever) do it again.

Despite the massive numbers and scandal which the Equifax data breach created, the actual cause … the “smoking code,” so to speak … was not some “Mission Impossible”-style heist. It was so basic, so simple, so unnecessary and infuriatingly stupid, that I’ve spent several paragraphs building up the breach to underscore how dumb the problem was that cost them the better part of two billion dollars when all was said and done.

They didn’t update their software. Let it sink in for a moment.

There was a security update to their software available in March, and the breach occurred in May. It was a free update, and all they had to do was apply it. Yet several months later, they had not applied the security update and the rest is history.

At first glance, you might think this is a story about software updates. It’s not. I’m writing about everyone’s aversion and impatience for downtime. At MojoHost, we are a 99.999% uptime guaranteed host, which means we take managing client’s upgrades very seriously. Maybe you think the data stored on a porn site is less sensitive or valuable than that held by a credit reporting agency, and that a porn site might be lower on the totem pole than a Fortune 500 company. But, that’s not really how data breaches happen.

The fact of the matter is that most hacks are automated. While the final stages of hacks are often a human hand deciding what is interesting to exfiltrate from a company, vulnerable software is usually identified by automated bots running around the internet.

Automated vulnerability bots mean that even your modest-sized sites are still very much a target. Porn sites contain not just lots of fun usernames and passwords, but may also be targeted for credit card theft and content theft. Indeed, the content itself is quite valuable; we regularly see hacks which attempt to scrape the entire library of a site.

The essential step to keeping your website from suffering a similarly embarrassing and expensive Equifax-like hack is to keep your software patched. That means superficial software like WordPress and the entire software stack, including the underlying operating system and database. When a hack occurs, most often, there was an update available beforehand, even for less critical website components that often go overlooked.

Many site operators are reluctant to perform operating system upgrades because of the perception that these will result in downtime for the site. Although this is true in some cases, a well-planned and short downtime is still much cheaper than the costs of a breach. We ourselves have invested in new technologies that allow us to upgrade servers with absolutely zero downtime in almost all cases, to ensure folks can have the best of both worlds … regular operating system upgrades and no lost sales due to downtime.

When operating a site, it is crucial to set up an ongoing process to ensure that it remains updated and secured. For some site operators, that may mean hiring a dedicated resource to keep things up to date. For others, it may mean using a fully managed hosting company that keeps customer servers and software up to date automatically and has a team dedicated to keeping abreast of the latest security threats. Because after all is said and done, it’s just good mojo to save a few billion dollars.

Brad Mitchell is the famed founder of MojoHost, which has won numerous XBIZ Awards for Web Host of the Year and earned many loyal clients for nearly two decades. Known for his dapper style and charismatic wit, Mitchell is a regular fixture at trade shows, where he frequently shares hard-won wisdom while striking profitable deals. Contact him at brad@mojohost.com.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Paulita Pappel

Raised in Spain, surrounded by a predominantly Catholic community, Paulita Pappel grew up being told porn was bad. When she became a feminist, she was told her fascination with porn was not in line with her desire to empower women. This inner conflict made her feel like there was something wrong with her.

Women In Adult ·
opinion

Complying With New Age Assurance and Content Moderation Standards

For adult companies operating in today’s increasingly regulated digital landscape, maintaining compliance with card brand requirements is essential — not only to safeguard your operations but also to ensure a safe and transparent environment for users.

Gavin Worrall ·
opinion

Understanding the FTC's New 'Click to Cancel' Rule

The Federal Trade Commission’s new “Click to Cancel” rule has been a hot topic in consumer protection and business regulation. Part of a broader effort to streamline cancellation processes for subscription services, the rule has sparked significant debate and legal challenges.

Corey D. Silverstein ·
opinion

Key Factors for Choosing a Merchant Services Partner

Running a successful adult business requires more than just delivering alluring and cutting-edge products and services. Securing the right payment processing partner is essential to maintaining a steady revenue stream.

Jonathan Corona ·
opinion

Identifying and Preventing Transaction Laundering

Recently, a few merchants approached me after receiving compliance notifications from their acquirer about transaction laundering. They were unsure what it meant, and unsure how to identify and fix the problem.

Cathy Beardsley ·
profile

WIA: Alexis Fawx Levels Up as Multifaceted Entrepreneur

As more performers look to diversify, expanding their range of revenue streams and promotional vehicles, some are spreading their entrepreneurial wings to create new businesses — including Alexis Fawx.

Women In Adult ·
opinion

Navigating Age-Related Regulations in Europe

Age verification measures are rapidly gaining momentum across Europe, with regulators stepping up efforts to protect children online. Recently, the U.K.’s communications regulator, Ofcom, updated its timeline for implementing the Online Safety Act, while France’s ARCOM has released technical guidance detailing age verification standards.

Gavin Worrall ·
opinion

Why Cyber Insurance Is Crucial for Adult Businesses

From streaming services and interactive platforms to ecommerce and virtual reality experiences, the adult industry has long stood at the forefront of online innovation. However, the same technology-forward approach that has enabled adult businesses to deliver unique and personalized content to consumers worldwide also exposes them to myriad risks.

Corey D. Silverstein ·
opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
Show More