If you’ve ever opened an account to shop online, use e-mail, social network, or for any purpose, then be very wary. A new bug has been exposed known as ‘Heart Bleed’, which threatens the security of millions of online accounts around the world.
The bug was recently discovered by Google and Codenomicon engineers, and according to Clock Online, it is ‘one of the greatest threats to ever surface the World Wide Web’. However, despite the recent discovery of the bug, Heart Bleed has allegedly been affecting sites for around two years.
Heart Bleed poses a significant risk to UK broadband users, as it allows hackers to access sensitive information. And whats worse, the attacks are, to date, untraceable.
This means that any data you input to a site can be stolen by hackers at a moment’s notice. If you’ve bought something online and inputted your credit card number, or perhaps applied for a job and handed over your e-mail, then all that data could be at risk.
But how does it work?
It begins with the widely used encryption service known as OpenSSL. This service is used on many sites, and it ensures that user information is encrypted, safe from prying eyes. However, the Heart Bleed bug exposes a vulnerability in this software, allowing those with the technical know-how to view the contents of a servers memory (RAM). This includes usernames, passwords, and any other information stored on that server at the time.
But it gets worse! The hackers that have accessed the server can then create a copy of the ‘digital key’ of that site, allowing them to replicate that servers authenticity, potentially allowing them to create fake log-in pages which are indistinguishable from the original.
Yahoo is one of the worst to be affected, with potentially thousands of users’ data being compromised.
However, the team over at Yahoo has been quick to resolve the issue, saying in a statement that they have already ‘secured many of their properties’, including Yahoo mail and search, and that they are working hard to make appropriate fixes to any remaining services.
But should you be worried?
Well, it looks as if many sites haven’t been affected, such as Google and Facebook, so you won’t have to worry about anyone making your embarrassing Facebook PMs public. However, it’s still probably a good idea to change your passwords, especially for Yahoo accounts.