This article originally appeared in Information Security Buzz on January 17, 2019.
Bluehost, a popular web hosting platform, has been found to be riddled with vulnerabilities including one that would allow complete account takeover according to independent security researcher Paulos Yibelo.
Expert Comments below:
Mike Bittner, Digital Security and Operations Manager at The Media Trust:
“By paying scant attention to security and privacy, web-hosting platform providers unknowingly enable bad actors to steal consumer information and commit fraud. This lax approach puts platform providers, their customers, and consumers at grave risk as consumer data privacy regulations around the world tighten on the one hand and attacks by malicious actors intensify on the other. Such providers should build security tests and enhancements into the product lifecycle, as every user of each site they host could be victimized by cyber thieves and fraudsters. If a provider hosting a million sites around the world takes a slapdash approach to privacy and security, imagine how many site visitors could be affected and, as a result, how many site owners would find themselves in violation of new privacy laws.”