Comment by bartread

5 days ago

It's 100% this. Anyone who's run a website or web app for any length of time in recent years and makes a habit of inspecting their logs will quickly realise that they're being scanned by bots looking for vulnerabilities multiple, or even many, times per day. The search for vulnerabilities is entirely automated and will pick up any domain that has a website or web app attached to it.

Once those vulnerabilities are found, the hackers will pounce, and, whilst ransomware is one potential outcome, they might instead do all of the kinds of things GP has described. They don't care what the site is for or what industry you're in.

>Once those vulnerabilities are found, the hackers will pounce

...and work to exploit your code to their own benefit. They don't do this just so that they can refund your customers.

  • Often it's just done for reputation. "We got ahold of their Stripe key and refunded everything lol" is hilarious and absolutely on-brand.

  • I mean, I can see refunding their customers just for the lols.

    • From the customers' perspective it sounds ethical. The product was broken or extremely cheap quality, and not what it seemed to be originally when you decided to purchase... Is this black or white? ;p