
'Heartbleed' flaw on the internet threatens user data

9th April 2014

Millions of websites are operating with a major security hole in place, potentially exposing user information and financial information to hackers, researchers say.

Researchers from Google Security and Codenomicon (a Finnish security company) published information indicating they had discovered a serious flaw, called "Heartbleed", in numerous, but not all, versions of the OpenSSL cryptographic software library, which is used to secure millions of websites.

The flaw is a security vulnerability in OpenSSL, which is technology used to protect your usernames, passwords, and sensitive information sent on secure websites. If an organisation employs OpenSSL, users see a padlock icon in their web browser (HTTPS).

The researchers have said that the flaw has existed for two years, but there has been no evidence that the vulnerability has been exploited, as the attacks leave no trace.

What could hackers do with this flaw?

A hacker with knowledge of the flaw would be able to get website servers to reveal data previously thought to be secure by injecting the server with exploit code.

Some firms, like Yahoo blogging platform Tumblr, have advised the public to "change passwords for high-security services like email, file storage and banking". To check that a website you regularly use is safe, use this free Heartbleed test.

For further information please visit the BBC website.

Please note that Action Fraud is not responsible for the content of external websites.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.
