Security experts believe social networks like Twitter and Facebook are targeted because of the sheer number of users. Defacement is the most common motivation for ego-driven hackers, and these high traffic, high involvement communities are a great way to disrupt many victims at once.

A study by Webroot sheds light on a few other reasons why social networks make a ripe targets for hackers.

• 36% of social networkers admit they don’t hide personal information
• 33% admit to using the same password for all of their online accounts
• 28% accept “friend requests” from strangers

With such a high percent of social networking users being unaware of the dangers, “hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social netowrk has sent them a message – only the message is from a hacker who has hijacked the friend’s account,” warns Mike Kronenberg CTO of Webroot’s Consumer Business division.

The technique described by Mr. Kronenberg is known as phishing, and it’s one of the most preventable ways hackers obtain access to confidential information. SQL injections, Cross-site Scripting (XSS), and Cross-site Forgery Requests (CSFR) are more covert, technical methods that hackers use to get the infomation they need.

“As a web service or SaaS provider, you can help protect your users from these attacks by hosting your applications in a secure environment. Users need to be savvy, and when they can’t stay up to speed on all the risks, community users should be weary and overly cautious at all times,” suggests Chris Drake, CEO of FireHost.

“Xssed.com lists nearly 13,000 Web pages that hosted cross-site scripting vulnerabilities, including a large number at trusted and high-traffic Web sites such as yahoo.com, google.com, msn.com, myspace.com and facebook.com, and cnn.com.”

Cross-site scripting vulnerabilities can be used to execute sophisticated phishing attacks, so they represent a significant threat to many internet users, including casual and social surfers. Further compounding the problem, only 3% of the 13,000 recorded web pages harboring cross-site scripting vulnerabilities were fixed last year, according to reports from Symantec.

As more and more malicious hackers exploit cross-site scripting vulnerabilities, tens of thousands of websites could be used to prey on millions of internet users.

In fact, as hackers have become adept in cross-site scripting (XSS) exploitation, they have deployed web-based worms against social networks like Twitter. These worms may not have caused significant damage yet, but users still run the risk of being lured into downloading malicious programs masquerading as a fun plug-in or anti-virus software.

At FireHost, we take the threat of cross-site scripting (XSS) exploitations very seriously. As part of our industry-leading secure web hosting environment, we use sophisticated, enterprise application firewalls to help prevent hackers from exploiting the web applications used to execute cross-site scripting attacks.

Start protecting your website, business, and customers by discovering the difference in FireHost’s unrivaled security. Visit FireHost.com and contact a FireHost Agent today.

Consider this example:

Mary frequently visits an online shopping website. One day, hackers use a cross-site scripting attack on the website, embedding malicious code. Mary returns to the website and buys a pair of new shoes, unknowingly passing her confidential information to hackers. Before she realizes what happened, someone has stolen her identity and ruined her credit.

Every business owner has more important things to do than mitigate a very public theft of your customer’s personal data, so make securing your customer data a priority today.

Unfortunately for consumers and businesses, many hosting providers don’t take effective measures to prevent cross-site scripting (XSS) attacks on their clients. If your hosting provider doesn’t address cross-site scripting attacks (XSS) properly, your company’s website could easily fall prey to hackers and expose your customer’s personal information.

Security is the primary focus at FireHost. We pride ourselves on providing industry-leading secure hosting, which includes a WAF to prevent cross-site scripting (XSS). This hardware security device stops hackers from exploiting web applications, securing your website, business, and customers from cross-site scripting (XSS) attacks.

To discover more about our secure hosting and prevention of cross-site scripting (XSS), contact a FireHost Agent today.