What Was the Heartbleed Bug? And What Should You Do Now?
In April 2014, some security experts discovered something that sent chills down their spines. The software code that's used to encrypt a majority of data traveling over the Internet worldwide had a flaw, one serious enough to potentially do major security damage. If exploited by hackers, millions of login names and passwords could be stolen in transit when people go online.
Google researchers found the bug and reported it to the people who created the code, the OpenSSL Project. OpenSSL was going to let websites know about the problem without a lot of fanfare, but they feared that if hackers found out, the hackers would pounce on the opportunity and tell other hackers, with disastrous results.
Once the news was made public, countless websites and millions of Internet users snapped into action, and the media went a little nuts as well.
Hundreds of companies like Yahoo and Tumblr got the word out to their customers, urging them to change their passwords, and many other websites rushed to fix the problem and told their customers the same thing. And the media did its part by making the problem known so that Internet users could take steps on their own to protect themselves.
When the news got out, millions of people who go online changed their passwords, as a measure to prevent the security leak from affecting them.
This was no minor event. Some experts said this "hole" in the Internet (where your data could leak through) was one of, if not THE, worst security breakdowns ever for the Internet.
There's a way to check whether a specific service has updated its security, through a special website: www.ssllabs.com/ssltest. If the results come up green, the problem has been taken care of. But the Heartbleed scare is just another reminder of how vulnerable we can all be to dangerous Internet hijinks.
What a few companies are doing.
Don't be surprised if you see some new steps when you try to log in to email, your bank or even social network accounts. For example, some sites are using something that's called "two-factor authentication." Here's what goes on:
When you try to log in to your account, the bank (for example) will text your smartphone a special code that you need to have to log in. This way, if a hacker is trying to log in to your account, they won't receive or be able to use the code that was sent to you. This might happen only when you try to log in from a new or unrecognized device.
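The login flow described above, seen from the website's side, as an added example (it is not code from any bank or site mentioned in this article). The names StepUpAuth and send_sms, the 6-digit code, the 5-minute lifetime and the 3-attempt limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300       # assumed: a texted code is valid for 5 minutes
MAX_ATTEMPTS = 3     # assumed: wrong guesses allowed before the code is void


class StepUpAuth:
    """Hypothetical server-side flow: text a code only for unrecognized devices."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms      # callable(phone, text); assumed SMS gateway hook
        self.clock = clock
        self.known_devices = set()    # (user, device_id) pairs that passed a code check
        self.pending = {}             # (user, device_id) -> [digest, expiry, tries_left]

    def begin_login(self, user, phone, device_id):
        """Call after the password check passed. Returns 'ok' or 'code_required'."""
        key = (user, device_id)
        if key in self.known_devices:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"   # drawn from the OS CSPRNG
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[key] = [digest, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, f"Your login code is {code}")
        return "code_required"

    def verify_code(self, user, device_id, submitted):
        """True only for the right code, before expiry, within the attempt limit."""
        key = (user, device_id)
        entry = self.pending.get(key)
        if entry is None:
            return False
        digest, expiry, tries_left = entry
        if self.clock() > expiry:
            del self.pending[key]           # stale code can never be used
            return False
        guess = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(digest, guess):   # constant-time comparison
            del self.pending[key]           # single use
            self.known_devices.add(key)     # later logins from this device skip the code
            return True
        entry[2] = tries_left - 1
        if entry[2] <= 0:
            del self.pending[key]           # guessing limit reached, code is void
        return False
```

A stolen password alone returns "code_required" on an attacker's device, and the short lifetime, single use and attempt limit keep the 6-digit code from being guessed.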
What should you take away from all this? How about a much-needed, ongoing reminder that breakdowns in security do happen, they are out of our control, and we should always follow sound advice about changing passwords and protecting ourselves online. So, when you hear news about something like Heartbleed, pay attention. The advice you follow from experts could help protect you, your privacy and your data.