Most consumers have now heard about the “Heartbleed bug” that has exposed literally millions of usernames, passwords and credit card numbers in the last year, but the big question is what to do to protect yourself and your information.
Unfortunately, experts warn that changing your password may simply not be enough.
Millions of web users were told that they needed to change their passwords following revelations of breaches in security software, but experts have since said that, because the bug is extremely difficult to trace, a password change is not a perfect solution.
David Emm, a senior security researcher at Kaspersky Lab, says that “We don’t know to what extent this flaw has been targeted by hackers, we’re in the dark here about the extent of how it has been used. We can’t quantify the scale of the damage.”
The new bug was discovered in OpenSSL software and revealed by Codenomicon, an Internet security firm. OpenSSL is an encryption service that protects information sent back and forth from webpages and is used by approximately 75% of all websites.
The bug created a “hole” in the system, allowing cyber criminals to steal personal information. What’s more concerning is that, if the “master key” code is stolen, password changes will be rendered ineffective.
Since the Heartbleed bug made headlines last year, Facebook, Yahoo and Google have all upgraded their software, and OpenSSL has also released an update to help fix the problem. Still, it’s unclear whether other companies have done so, or are even planning to, meaning that users are still not universally protected.
For example, if a firm hasn’t updated its website’s system with the fix, a new password created by the user will be just as vulnerable as the old one was. Security experts say that users should only change their passwords after a site has fixed the problem, and that timing is crucial. Downloading a mobile ID app might help as well.
Ernest Hilbert, a former FBI agent who now works for risk consultancy firm Kroll, says that “Passwords are stored in an encrypted format. The latest bug could give hackers access to the skeleton key to open the central file that has all the passwords in it. So you changing the password doesn’t matter because this guy with the key can come in and look at your password anyway.”
What’s even scarier about this damaging new bug is that it’s possible that it’s been around for two years, meaning that we could only be seeing the tip of the iceberg of cyber theft right now. Even more worrying is the fact that users aren’t able to tell if a website that they’re using is affected or not.
Experts warn that anyone using the Internet to make online transactions is exposed to the bug and should definitely keep an eye on their bank accounts, credit cards and other financial data to make sure that there is no unauthorized activity taking place. Ultimately, however, it’s up to the companies that consumers are using to communicate with them about security lapses on their sites.
Jeremy Rosenberg, the head of digital company Allison and Partners, says that “It’s the companies and the service providers that really need to go out there, make sure their services are patched correctly and not vulnerable to this Heartbleed bug.”
Until they do, consumers across the country should remain extremely cautious.