- Daily Zen
A serious bug, “Heartbleed”, which could expose your passwords, credit card information and other sensitive data, has recently been discovered by researchers at Google Inc. and the Finnish security firm Codenomicon, leading to recommendations that millions of web users change their passwords.
The bug remained undiscovered for more than 2 years, since December 2011. Cybercriminals can exploit Heartbleed to obtain personal data and cryptographic keys, and to impersonate a site in order to collect more information. Exploitation is untraceable, making it difficult to prove whether a site has been compromised or not.
Currently, researchers are recommending that web users change all of their passwords. The bug involves SSL/TLS, the encryption indicated by the closed padlock icon and ‘https:’ in web browsers. The Heartbleed security flaw can expose web traffic to prying eyes even when the padlock is closed and the browser indicates a secure connection.
What makes it dangerous and much more of a threat is the fact that OpenSSL, an open-source encryption technology, is presently used by more than two-thirds of web servers. It supports many HTTPS sites that collect data and are normally indicated by the padlock icon on the right-hand side of the browser, which tells visitors that the information they are sending is hidden from prying eyes.
Major tech giants such as Google, Facebook, Amazon and Yahoo, which are browsed by millions of users every day, said that they have already initiated steps to secure their sites from the flaw. Security researchers demonstrated the flaw by stealing Yahoo e-mail logins on 8th April; however, Yahoo has already fixed the security flaw across its many sites, including Flickr and Tumblr.
It has been recommended that users update their passwords across all portals and signed-in sites they use, but only after the site whose password they are changing has confirmed that it has taken the proper measures to fix Heartbleed and secure its connections. Most sites are expected to e-mail users with instructions to change their password if at all necessary.