“Heartbleed”- a bug that has been able to expose millions of passwords, credit card details and other sensitive information has finally been revealed.
Dubbing the breach, “heartbleed,” security researchers have uncovered a flaw in the encryption technology that protects online accounts, emails and e-commerce sites. The breach has been going on for an estimated two years which means that millions of people could be affected.
The bug targeted SSL/TLS encryption technology which is commonly seen on secure sites with “https” at the start of the URL. It is also one of the most common “secure” browser options used today. The bug made it possible for hackers to snoop on the data being typed, without the website owners even knowing.
While the bug is in the processes of being fixed, researchers are now trying to trace back its origins and to see what damage it really caused to consumers and businesses.
It is believed at this stage only smaller, more progressive sites would have been affected as bigger, more commercial sites often have a more advanced backend.
“I would change every password everywhere because it’s possible something was sniffed out,” said Wolfgang Kandek, chief technology officer for Qualys, a maker of security-analysis software. “You don’t know because an attack wouldn’t have left a distinct footprint.”
However, changing passwords might just been in vein until the bug is officially rectified. Security groups are aiming to have it all fixed on Monday but an official announcement may be needed to confirm this.