OpenSSL Heartbleed Bug: Infects Half A Million Websites; Passwords And Encryption Keys At Risk

Tags
Technology

A new security bug called Heartbleed is now making roughly half a million websites vulnerable to data theft.

The websites at risk are those who are running the recent versions of OpenSSL, a technology used to encrypt websites and ensure an individual's user data.

Researches discovered that Heartbleed has the capacity to acquire personal, sensitive information such as login details and credit card numbers.

Based on the April 2014 Web Server Survey of Netcraft, an internet research firm, possibly half a million websites could be victims already of the Heartbleed bug.

"Our most recent SSL Survey found that the heartbeat extension was enabled on 17.5% of SSL sites, accounting for around half a million certificates issued by trusted certificate authorities.", said Paul Mutton on his Netcraft post.

CNET sought the advice of some experts to protect users from experiencing data theft:

  • Avoid logging in the infected websites.
  • If the website has been cleared from the bug, change passwords which are highly important like emails and bank details.
  • Inform even small-scale companies (that you have active transactions) to protect your data.
  • Monitor any irregular activity in your financial accounts.

Filippo Valsorda, an Italian cryptography consultant, developed a tool that can check if a website has been compromised or not.

Popular affected websites include Amazon and Yahoo. Both companies have already expressed that they are working on the issue.

Initial tests for social websites like Facebook, Twitter, and Google appear to be free from the threatening bug.

Join the Discussion

Latest News

slide 5 to 8 of 12
slide 9 to 12 of 5
Real Time Analytics