The “Heartbleed” security flaw has made news around the world in recent days. It puts millions of people at risk of identity theft by giving hackers access to personal information and passwords. The vulnerability affects many top email, social media, dating and other websites with OpenSSL secure servers. Stories about stolen personal data have already begun to surface.

The CBC reports that “Heartbleed” recently allowed criminals to steal about 900 social insurance numbers from the Canada Revenue Agency. This puts the affected citizens at significant risk of identity theft and fraudulent charges. The agency has notified police and taken steps to prevent additional data exposures. It took hackers about six hours to gather the information.

“Heartbleed” has caused website downtime and even slowed the entire Internet as IT companies work to patch the flaw. Meanwhile, millions of users have rushed to change their passwords at numerous websites. Computer experts recommend that people update passcodes on major email services like Yahoo, Google and FastMail. Facebook accounts are also at risk, according to FirstPost.

Some Internet users remain unaware of the “Heartbleed” bug or fail to recognize its significance. It’s vital to realize that each online account often acts as a gateway to other accounts and possibly your money or credit. Certain services are directly linked together or contain data that helps hackers figure out passwords and security questions.

For example, perhaps a hacker used this vulnerability to gain the username and password for your email. This person may find other passcodes or the answer to a security question by searching your messages, especially if you don’t empty the trash very often. This information can frequently be found in personal messages and “welcome” emails from various services.

The hacker might also go to other websites and enter your email address in their password recovery forms. Such services will send new or existing passwords to your compromised email account, allowing the hacker to receive them and log in. This could give criminals access to accounts on websites that aren’t even directly affected by “Heartbleed.”

After they gain entry to shopping or payment websites, hackers may begin using your identity and cash to order products on the Internet. This could result in overdraft charges, credit score damage and other problems that will take a great deal of effort to repair. You might also lose income if they use confidential data to hijack your website or online auction membership.

People who enter the same password on multiple websites make this even easier for hackers. To hijack a PayPal or Amazon account and start making purchases, a criminal might only need to harvest a single passcode at one of the thousands of websites impacted by “Heartbleed.” The same problem could result if you use a compromised password manager.

Basically, “Heartbleed” poses a serious risk to identity security; it’s crucial for every Internet user to take action. You can minimize the risk by changing passwords, closing unwanted accounts and deleting old email messages. Some of the damage is already done, so it also proves important to carefully review all of your monthly financial statements.

Source: http://tech.firstpost.com/news-analysis/websites-affected-by-heartbleed-change-your-gmail-facebook-and-yahoo-passwords-today-221526.html

About The Author