The bug itself may be called “Heartbleed,” but what should really get your blood pumping is the potential loss of your members' personally identifiable information, including credit card data and passwords.

The bug, which has been on the Internet undetected for roughly two years, did not attack individual websites or companies like recent hacks into the systems of Target, Mt. Gox, and others. Instead, Heartbleed exploited a flaw in the code that was designed to keep servers secure.

Tens of thousands of servers that house data for thousands of websites could be affected by the bug. In essence, all Internet users who conduct business transactions or even have passwords saved on websites could be affected.

Finnish security firm Codenomicon, which helped discover the bug, said this could be one of the worst invasions of privacy in Internet history.

“This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content,” the firm said. “This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

The firm said it tested the exploitable code on its own servers, and it was able to enter and leave without a trace. The developers of the popular code, OpenSSL, released a fixed version that does not have this vulnerability, although widespread adoption may take some time. In one key instance, Yahoo confirmed to Reuters that Yahoo Mail was vulnerable to the bug, but a spokesman said all major Yahoo sites have been patched since the bug's discovery.

It's currently unclear whether the security bug has been exploited on a widespread basis. As Lindsey Bever of the Washington Post wrote, “It's as if someone went on vacation not knowing the lock on the front door was broken. Could someone walk in? Yes. Will they? Did they? Who knows?”


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Zach Warren

Zach Warren is the editor-in-chief of Legaltech News. Based out of Minneapolis, Minnesota, Zach has been with LTN since 2015. He can be reached at [email protected].