What is “This Site May Be Hacked”?

website hack

(This article was updated May 2, 2022.)

If you come across a search result on Google with the words, “This site may be hacked” underneath the name of the business, you need to be careful about whether or not you want to continue to that website.

“We show the message ‘This site may be hacked’ when we believe a site may have been hacked by a third party,” according to an explanation provided by Google.

What is website hacking?

Simply stated, website hacking is any attempt to gain unauthorized access to a website. This may include altering the pages that are showing on the website, to installing malicious computer code, to stealing your personal data.

Visiting a hacked website might expose you to malware. In extreme cases, the hacking will completely disable a website. Google recommends that you do not visit websites with the “This site may be hacked” label until you no longer see the label in Google’s search results.

Some web browsers and anti-virus programs also scan websites for signs of malicious activity.

How often are websites hacked?

According to Forbes, there are 30,000 websites hacked each day. Many of these probably go unreported or undetected for days, and therefore not appear in Google search results as soon as they occur.

Why are websites vulnerable?

The most common cause of website attacks is outdated software.

Websites rely on software; website software runs on a web server. The software and the server need to be maintained — they need to be kept current. This includes managing and installing security updates as well as manufacturer and third-party software updates when they are released. It’s not enough to simply arrange for “website hosting” — your business’ website needs to be cared for, and that is an on-going process.

What happens after a website hack?

Depending on the severity of the attack, a website hack may be inconvenient or it may bring a business to its knees. In either case, the cost of minimizing the risk of attack is far less than the cost of recovery after an attack.

Recently, I was called to handle an emergency — a New York City law firm had its website hacked, leaving the website completely inaccessible. The problem was made worse by the fact that no off-site backups of the website were kept. Re-making the website took several days, because it required stitching together what remained of the old website.

Here are the most common negative side effects of having your business’ website hacked:

  1. Clients, customers, prospects, and vendors may think that you don’t take your web presence seriously.
  2. Your website could go dark, or become negatively impacted by the attacker, your Internet service provider, or Google.
  3. Your email address or domain could be blacklisted by spam filtering services, making it difficult for legitimate customers and others to contact you.
  4. You’re going to have to take time to fix the problem. Be it cleaning up malware or re-doing your web pages, it will involve data backups and calls for tech support. Do you have a few hours (or days) to spare?

To minimize the risk of a website attack, make sure you have a webmaster who is responsible for the well-being of your website, and that you are not simply arranging to have the website “hosted”.