Heartbleed OpenSSL security bug plagues millions of Internet users

Heartbleed OpenSSL security vulnerability has hit scores of websites, leaving millions of users at risk of username and password theft, researchers say.

Published Wed, Apr 9 2014 2:30 PM CDT   |   Updated Mon, Oct 19 2020 8:15 PM CDT

The "Heartbleed" security vulnerability discovered by the security company Codenomicon found that the OpenSSL bug has opened up millions of Internet users to security risk. Although OpenSSL is designed to help keep sensitive information secure, Heartbleed may have led to website visitors susceptible to spying, according to researchers.

Heartbleed OpenSSL security bug plagues millions of Internet users | TweakTown.com

Heartbleed targets any OpenSSL version over the past two years (OpenSSL 1.0.1 up to 1.0.1f), and cybercriminals are able to access the server's system memory, and encrypted information such as usernames, passwords, debit and credit card information is up for grabs.

Here is what Codenomicon noted:

"We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, usernames and passwords, instant messages, emails and business critical documents and communication."

An experienced tech journalist and marketing specialist, Michael joins TweakTown looking to cover everything from consumer electronics to enterprise cloud technology. A former Staff Writer at DailyTech, Michael is now the West Coast News Editor and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles