Better change those passwords. Now.
A recent massive security breach perpetrated by cyber thieves has put sensitive information including passwords, credit card information and other data at risk for nearly a billion Internet users worldwide.
The threat, which is being called "Heartbleed," was discovered by a small team from the Finnish security firm Codenomicon. Hackers had cracked the encryption technology used to protect online accounts for emails, instant messaging and a wide range of electronic-funds transfer.
The threat went undetected for more than two years, according to the Associated Press.
"I don't think anyone that had been using this technology is in a position to definitively say they weren't compromised," David Chartier, Codenomicon's CEO, told the AP. Further, it's impossible to know whether an individual's security was compromised as it would not have left a distinct digital footprint, experts say.
Yahoo Inc., which has than 800 million users worldwide, is among the Internet services that could potentially be affected. The Sunnyvale, Calif., company said in a statement Tuesday that most of its most popular services had been "fixed," but there's no way of knowing whose accounts may have been compromised.
According to the AP, Heartbleed creates an opening in SSL/TLS, an open-source encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. The flaw makes it possible to spy on Internet traffic even if the padlock had been closed. Perpetrators could also steal the keys for deciphering encrypted data without the website owners knowing the theft had occurred, security researchers say.
About two-thirds of Web servers rely on OpenSSL.
Wednesday is a good day to change your most critical passwords, as many sites have now installed the Heartbleed "fix." Changing one's password too soon after a breach could do you no good, experts say, if the affected site is not yet clear of issues.
|Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
