More than half of all the web’s top one million sites will now be flagged up as insecure for visitors using the latest version of Google’s Chrome browser, with high profile UK brands including the Daily Mail, Argos, Next, Vodafone, Topshop and Virgin Media all failing to switch to the HTTPS certificate.
Decision Marketing first reported the issue over five months ago, after Google announced that its Chrome operating system would to stop trusting Symantec-issued SSL/TLS certs, and that users would be warned that their connection is not private and someone may be trying to steal their information.
There is no evidence to suggest that any of the sites which have not made the change to HTTPS are currently subject to attacks that abuse insecure data but, according to statistics gathered by security researcher Troy Hunt, the Daily Mail tops the UK list as the busiest site to lack the protective measure.
Other big names on the list include Wiggle, New Look and Sky Sports; even some BBC websites remain insecure. The UK’s National Cyber Security Centre recently issued advice saying that all sites should use HTTPS.
Without HTTPS, data is effectively broadcast as it travels back and forth across the web. There are circumstances that cyber-criminals can exploit to intercept that information, abuse it to steal data or insert their own code or malicious adverts.
It is not clear how many criminals are using these methods to fool users and steal data, but several successful campaigns have been spotted that use these techniques.
Major brands face meltdown in Google security overhaul
Firms warned over new wave of nefarious cyber attacks
Noose tightens on rogue and lax firms as ICO fines soar
Data security chiefs pay soars to €1m as GDPR looms
TNT Express rocked as cyber attack wipes out $300m
WPP hit as new ransomware attack wreaks global havoc
UK firms ‘leaving themselves wide open to ransomware’
Rehab camps to turn hackers into cybersecurity experts
Data breaches ‘hit shares, sales and growth for years’
Europe faces shortage of 350,000 cyber security chiefs