I like to revisit good restaurants. If I like the place they will see me again. In one or two places I even don’t have to see the menu. I’m using the good restaurant analogy to describe why hackers revisit previously hacked sites: They know the place and feel comfortable. Hackers would return to the “scene of crime” and hack if they can.
Recently one of our salesmen forwarded me a note from one of his prospects that were hacked in the past. The team at that company decided that since they were hacked once, the chances to get hacked again are very low. “Lightning does not hit the same place twice” the prospect wrote.
That’s wrong of course. Lightning can strike any location more than once. It’s not just statistical, given enough time, it is actually inevitable. Some places (like high radio towers) will get hit several time within a single lightning storm. See also here
Poorly secured applications and databases are for hackers like radio towers to lightning. They will get hit several times. One cannot change the weather or prevent a lightning storm but he sure can prevent the next hack, data theft and lose of data.