Of course, there are a gadzillion hacks of smaller sites going on every week, but this one caught my eye. Richie Davis reports:
When Ed Wierzbowski bought Greenfield’s Arms Block and the former Franklin Savings Institution to bring high-profile musical performances to local audiences, the last thing he imagined having to deal with was Indonesian hackers.
But Wierzbowski, whose Arts Block and Pushkin Gallery venues have hosted a world of entertainment, has had his website, Theartsblock.com, hacked for the third time, and the second time in less than a week, crimping advance ticket sales for Friday’s second annual Cider Days Harvest Party, featuring the Unique Jazz Trio with Becca Byram.
“It’s been mind-boggling,” said Wierzbowski. “Here it’s one of my biggest events, a really big thing. It’s kind of bizarre how they can just step into your life and impact you. It completely screws everything up.”
Read more on The Recorder.
Reading the article, my reaction was, “Well, wait… if you’re collecting personal information and engaging in ticket sales, and your site is so insecure that you’re getting hacked repeatedly, maybe the problem isn’t the hackers but your security.” Wierzbowski says:
“People can’t buy pre-sale tickets, they can’t see the schedule of what’s happening, and I have to pay a programer to fix it,” said Wierzbowski, adding that he’s gotten different explanations for whether the program he’s using is leaving him vulnerable or whether it’s the host, Hostmaster.com.
“It will cost a few thousand (dollars) to change the site, and now that I’m an easy target, they can just keep coming back again and again,” he said. “I can’t afford to keep paying experts to fix it, and then it’s hacked again. I feel it’s like being assaulted on the street, like being robbed. But I have no idea who to report it to.”
Well, you can report it to law enforcement, of course. But the bigger issue, I think, is that yes, sometimes you need to pay to make sure your site is secure. It’s part of the cost of doing business. And if you’re collecting personal information or credit card info, it’s even more important that you really secure your site. So while I empathize with Mr. Wierzbowski, at least the hackers let him know his site was insecure. They probably just could have stolen and dumped or used personal information gleaned from the server without even telling him. Then what?