Web passwords at risk 'Heartbleed Bug'

Published 04/10 2014 06:33AM

Updated 04/10 2014 06:38AM

NBC's Arjun Kharpal reports-- A major Internet security bug that affects websites like Google and Facebook has been discovered, leaving users' financial details and emails vulnerable to theft by cybercriminals.

The so-called "Heartbleed bug" was discovered in OpenSSL software-an encryption service used by around two-thirds of websites to protect information sent to and from Web pages.

Cybercriminals could use the security hole to steal sensitive personal information. Even more worrying is the fact that the code behind the encryption means that even if the bug is fixed, hackers could regain access to the information.

"It's very widespread. It will affect everyone in one way or another," Simon Eappariello, a senior vice president at iboss Network Security, told CNBC in a phone interview.

"It can expose the crown jewels of security on the Internet: encryption keys. Once those keys are compromised, once that data has been stolen, it's still vulnerable."

Security firm Codenomicon, which identified the bug and published its details online, said Heartbleed allowed attackers to "eavesdrop on communications." The company discovered the threat by simulating the attack on their own systems.

Codenomicon's researchers published the findings on heartbleed.com and urged websites to set up "honeypots that entrap attackers."

Major technology firms told CNBC they were dealing with the problem. A Facebook representative said it had "added protections" against the flaw, while Yahoo said it was "working to implement" a fix. Microsoft said services including Windows were "not impacted" by the security flaw, but "a few services continue to be reviewed and updated with further protections." Google did not immediately reply to a request for comment.

Copyright 2016 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Top Videos

Featured Coupon


Featured Business