During the 2013 holiday shopping season, hundreds of thousands of shoppers at one of the largest U.S. retailer chains were ‘targeted’ because of a security and payments systems breach from a malware software installation by hackers.
A recently discovered security bug called Heartbleed Bug has been around for almost two years and could have exposed your usernames, passwords, credit card information, internal business documents and more to hackers.
What is the “Heartbleed Bug?”
The Heartbleed Bug is an error in OpenSSL 1.0.1. through 1.0.1f, an open-source software that is used to run a large number of websites online. More than 500,000 popular websites that house personal data such as Facebook and Gmail have been affected by this security flaw.
Heartbleed Bug was discovered by online security firm Codenomicon and Google researcher, Neel Mehta, on the same day. The term “Heartbleed Bug” was used instead of the original reference of the bug, CVE-2014-0160, because of its ability to “leak memory content” from the server to the client and vice versa.
The scary issue with this bug boils down to an online hacker’s abilities to access encryption keys, or codes that store personal information that typically appear as numbers and letters, and flip them into readable information if they are not patched or repaired.
What websites were affected?
Several social media sites alongside news websites and online retailers could have been affected by the bug. CNET, in coordination with Alexa.com, has went through the top 100 websites to indicate if businesses have patched the bug so your information is safe. For the most recently updated list by CNET, click here. Your information may still be compromised if OpenSSL is running on businesses’ websites. Fixed OpenSSL has been released to patch the issue.
How to protect your online information moving forward
You may want to research a few facts Debasree Ghosh shared in her blog about online theft or take quick action with the steps below.
- Immediately change your passwords to something with several numbers and letters.
- Visit websites like havibeenpwned.cm, PwnedList.com or Shouldichangemypassword.com. These sites are all free and can let you know if your information has been compromised.
- Call the customer service departments of websites you have released your personal information to and ask if they were breached.
Were you a victim of the Heartbleed Bug or other online identify theft? Leave a comment below and share your experience.