A new security threat called “Heartbleed” has been identified and has potentially exposed millions of passwords, credit card numbers, and other sensitive information to hackers using the exploit.
The breach was discovered in an encryption technology called SSL/TLS, which is commonly used to protect online information exchanges in ecommerce, email, instant messaging, and other forms of data transfer requiring a secure connection. It’s often denoted by the small padlock and “https:” on your web browser. SSL/TLS stands for Secure Socket Layer/Transport Layer Security, and while the breach only affects a variant of SSL called OpenSSL, it is a widely used toolkit for implementing encrypted information exchanges online.
A fix for the security hole has been identified, but since the exploit went unnoticed for over two years, security experts are urging users to consider changing all their online passwords since there’s a chance they could have been accessed by hackers while the security hole remained open. Larger online service providers, such as Yahoo, have already installed the fix required to patch the exploit, and other providers should soon be following suit.
BBB urges you to keep an eye on your online accounts, and if necessary, change your passwords to keep your online information safe.