Connect with us

Hi, what are you looking for?

The American GeniusThe American Genius

Tech News

Has the Heartbleed bug really harmed anyone?

(Tech News) The Heartbleed bug has nabbed headlines for weeks, but has it actually done damage to anyone? It depends on who you ask…



Is it all hype or has Heartbleed actually done damage?

While the Heartbleed bug has caused a great deal of anxiety by being touted as “one of the most serious computer security breaches of all time,” some people are not convinced it has caused any damage at all.

Calling it a bug, or virus, is not 100% accurate either; Heartbleed is actually a weakness in systems running OpenSSL. These are sites that begin with “https://” rather than “https://” The Heartbleed weakness creates a window through which hackers can bypass encryption. So, how serious is Heartbleed?

In a way, it depends on who you ask. There have been several reported instances of Heartbleed-related problems:

Heartbleed was used to attack a “major corporation.” Hackers used the Heartbleed vulnerability to break into a major corporation’s network, and then to further attack an employee’s virtual private network (VPN). Their intent seemed to be to use the VPN to move laterally and escalate privileges. The name of the corporation was not mentioned, nor the extent of the damage.

A Canadian attacker used the Heartbleed “bug” against the Canadian Revenue Agency to capture approximately 900 social insurance numbers (SINs), comparable to our social security numbers. While the attacker was arrested, they do not know what happened to the numbers, so identity theft becomes the primary concern here.

Advertisement. Scroll to continue reading.

Mumsnet forced all 1.5 million users to change their passwords because they believed Heartbleed attackers had gained access to users’ passwords and messages. This poses a large security risk, not just for the Mumsnet site, but elsewhere; if hackers were able to view a user password and gain access to their accounts, they would also be able to see the user’s email address. Many of us use the same password for multiple accounts and sites, so it stands to reason that the hackers would attempt to use your password to gain access to your email and other favorite sites (which they can see by reading you emails). Tip: change your email password to something you only use for email. Do this for your bank account as well.

And the kicker is that the NSA knew

The shocker: Bloomberg reports that the NSA knew about the Heartbleed vulnerability for the past two years and chose to exploit it, rather than prevent it.

The bottom line: there really is no way to tell, yet, exactly how much damage the Heartbleed vulnerability has caused. Some people affected by the virus have not yet come forward, as it would be an admission that their encryption was weak. It is simply easier to deal with the problem internally. However, it is clear some of the anxiety is justified because Heartbleed has done damage.

Advertisement. Scroll to continue reading.

The American Genius is news, insights, tools, and inspiration for business owners and professionals. AG condenses information on technology, business, social media, startups, economics and more, so you don’t have to.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.



Tech News

(TECH NEWS) If you've ever had to share your screen, you know that sometimes, your sensitive information still slips. But this extension helps by...

Tech News

(TECH) Hardware tokens have been around for a while, but people most serious about avoiding hackers swear by them.

Tech News

(TECH) The Google Home Hub will soon ship to homes and offices, and they might win in the long run for simply not including...

Tech News

(TECHNOLOGY) Doxing is an attack that used to be primarily done in hacker and gamer circles, but is now spilling over to victimize people...

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.