The IT Nerd

Business Digital Index has released a research report in which our team analyzed the external cybersecurity posture of 24 leading cryptocurrency exchanges.

Some of the key findings include:

• Only 3 of the 24 analyzed cryptocurrency exchanges earned an A grade for cybersecurity.
   
• The top-rated exchanges — Biconomy, Toobit, and Deepcoin — exhibited almost no externally visible security weaknesses and (almost) no evidence of corporate credentials circulating on the dark web.
•  Password reuse remains widespread, as 63% of exchanges were found to have employees who have reused their passwords across multiple services in the past.
•  Coinbase ranked second-to-last in the analysis, with 24 unpatched vulnerabilities identified in its externally-facing systems, alongside thousands of exposed corporate credentials and numerous SSL/TLS configuration issues.
•  LBank was flagged for particularly poor security, with 11 critical vulnerabilities left unpatched.

The full report, which includes cybersecurity scores for each analyzed cryptocurrency exchange and more, is available here:

https://businessdigitalindex.com/research/only-3-of-24-leading-cryptocurrency-exchanges-earn-an-a-for-their-cybersecurity/ 

As President Donald Trump calls for sleeker, more user-friendly government websites through a new executive order, the Business Digital Index (BDI) team examined how well each state’s main government website is protected — revealing that cybersecurity, not design, should be the priority.

Here’s the methodology the BDI team used to evaluate the cybersecurity of government websites:

• Full technical methodology is available here.
• BDI carries out passive scans of publicly visible systems, and no internal access is required.
• Grading scale: 0–100 scores mapped to A–F grades.

And here are the findings:

Best-performing states

• Democratic-leaning: Connecticut (96/A), Colorado (87/C), Hawaii (83/C)
  
• Republican-leaning: Arkansas (96/A), Kansas (81/C), Oklahoma (80/C)
  

Most improved states (Feb–Aug 2025):

• District of Columbia (+28 points, from 38 to 66)
  
• Nevada (+27 points, from 60 to 87)
  
• Texas (+27 points, from 49 to 72)
  

Worst-performing states (Aug 2025):

• Democratic-leaning: Delaware (37/F), Minnesota (42/F), Maine (49/F)
  
• Republican-leaning: Indiana (27/F), Wyoming (28/F), Iowa (35/F)
  

States with the steepest declines (Feb–Aug 2025):

• North Dakota (–18 points, from 68 to 50)
  
• Louisiana (–13 points, from 64 to 51)
  
• Tennessee (–13 points, from 65 to 52)
  

Political trends 

• Democratic-leaning states: 59 (Feb 2025) → 63 (Aug 2025), +8% improvement
  
• Republican-leaning states: 57 (Feb 2025) → 59 (Aug 2025), +4% improvement
  
• The three lowest-ranked states — Indiana, Wyoming, and Iowa — are all Republican-leaning, with Indiana at the bottom at just 27/100.

To see the full report, please visit:

https://businessdigitalindex.com/research/trump-pushes-for-sleeker-government-sites-but-73-have-security-issues/ 

Analysis released today finds that most dating apps still have a long way to go to reach A-grade cybersecurity.

The Business Digital Index (BDI) team analyzed the 24 largest dating platforms and found that 75% received a grade of D or F for their digital security. This is not trivial as a lot of people are users of these apps and put a lot of personal information in them that I am certain that they don’t want stolen by threat actors.

You can see the full report here: https://businessdigitalindex.com/research/75-of-dating-apps-are-unsafe-new-study-finds

During peak travel season, when booking sites process millions of transactions daily, Business Digital Index (BDI) examined the cybersecurity posture of 20 major travel and tourism platforms—uncovering critical vulnerabilities that affect millions of users.

The analysis examined an extensive repository of dark web databases and found employee credentials from 18 out of 20 of the most visited tourism and travel websites circulating on the dark web. 

Importantly, these are not new data breaches, but information leaked in the past that is still available to purchase on dark web marketplaces.

While these credentials stem from older breaches, the critical question is: have employees actually changed their passwords, or do these exposed credentials still pose a threat?

BDI findings suggest that, in some instances, employees keep using the same password even after a data breach.

In half of the companies analyzed (10 out of 20), there were instances where employees’ credentials were leaked in one breach and then again in a later breach, with employees using the exact same password each time. Not every employee was reusing passwords, but a noticeable percentage in half of the analysed companies continued this risky practice. 

Based on these findings and multiple other criteria—including software patching, web application security, email protection, system reputation, hosting infrastructure, and SSL/TLS configuration—our analysis scored and graded the 20 most visited travel and tourism websites globally (including two weather websites).

After analyzing each website, we found that only 2 of the 20 analyzed sites were secure enough to receive an “A” for their cybersecurity efforts:

• Trip.com topped the rankings with a score of 98/100, demonstrating robust security across all measured categories with minimal SSL configuration errors.
• Flightradar24 earned second place with 96/100, showing excellent patch management and having only six employee credentials found in breach databases.

In contrast, four major companies received failing grades:

• Skyscanner ranked lowest at 55/100, with researchers discovering 989 leaked credentials that are still accessible and 24 critical or high-risk vulnerabilities.
• Marriott International and Hilton both scored 66/100, with tens of thousands of employee credentials from previous breaches still circulating in underground markets.
• Wetter.com, a German weather website and one of the most visited weather websites globally, also received an “F” grade. 15% of Wetter.com employees reuse breached passwords.

Scores and grades of the 20 analyzed company websites:

The complete analysis is available here: https://businessdigitalindex.com/research/cybersecurity-analysis-reveals-critical-vulnerabilities-across-20-major-travel-tourism-websites/

The in-depth methodology can be found here. It provides detailed information on how researchers conducted this analysis.