SHARE THIS

A major new vulnerability to encrypted data, called Heart Bleed could let attacker hackers gain access to users’ passwords and fool people into using bogus versions of Web sites. Some already say they’ve found Yahoo passwords as a result.

The problem isn’t just with Yahoo. Nearly two-thirds of all websites and servers that transmit data to each other are vulnerable to Heartbleed. This includes banking institutions, Amazon, eBay, Google, Netflix, Twitter, to name just a few of the major websites.

The problem is in open-source software called OpenSSL that’s widely used to encrypt Web communications. Heartbleed can reveal the contents of a server’s memory, where the most sensitive of data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.

Security vulnerabilities come and go, but this one is extremely serious. Not only does it require significant change at Web sites, it could require anybody who’s used them to change passwords too, because they could have been intercepted.

Mashable.com has compiled a significant list of the more popular websites and if those websites reported a vulnerability, along with the action they took to prevent an attack. That list can be found HERE.

While I realize that this information may seem a little “geekish” for most to understand, suffice to say that this “bug” in the Internet encryption is extremely serious. It’s recommended that you change your passwords on any website that you do business with, or keep financial information with.

The video below will better explain the real threat of Heartbleed.