Has the Heartbleed bug really harmed anyone?

April 28, 2014


Is it all hype or has Heartbleed actually done damage?

While the Heartbleed bug has caused a great deal of anxiety by being touted as “one of the most serious computer security breaches of all time,” some people are not convinced it has caused any damage at all.

Calling it a bug, or virus, is not 100% accurate either; Heartbleed is actually a weakness in systems running OpenSSL. These are sites that begin with “https://” rather than “http://”. The Heartbleed weakness creates a window through which hackers can bypass encryption. So, how serious is Heartbleed?

In a way, it depends on who you ask. There have been several reported instances of Heartbleed-related problems:

Heartbleed was used to attack a “major corporation.” Hackers used the Heartbleed vulnerability to break into a major corporation’s network, and then to further attack an employee’s virtual private network (VPN). Their intent seemed to be to use the VPN to move laterally and escalate privileges. The name of the corporation was not mentioned, nor the extent of the damage.

A Canadian attacker used the Heartbleed “bug” against the Canada Revenue Agency to capture approximately 900 social insurance numbers (SINs), comparable to our social security numbers. While the attacker was arrested, it is not known what happened to the numbers, so identity theft becomes the primary concern here.

Mumsnet forced all 1.5 million users to change their passwords because they believed Heartbleed attackers had gained access to users’ passwords and messages. This poses a large security risk, not just for the Mumsnet site, but elsewhere; if hackers were able to view a user password and gain access to their accounts, they would also be able to see the user’s email address. Many of us use the same password for multiple accounts and sites, so it stands to reason that the hackers would attempt to use your password to gain access to your email and other favorite sites (which they can see by reading your emails). Tip: change your email password to something you only use for email. Do this for your bank account as well.

And the kicker is that the NSA knew

The shocker: Bloomberg reports that the NSA knew about the Heartbleed vulnerability for the past two years and chose to exploit it, rather than prevent it.

The bottom line: there really is no way to tell, yet, exactly how much damage the Heartbleed vulnerability has caused. Some of those affected by the vulnerability have not yet come forward, as it would be an admission that their encryption was weak. It is simply easier to deal with the problem internally. However, it is clear some of the anxiety is justified because Heartbleed has done damage.
