The just-discovered Heartbleed security bug that lets hackers decipher encrypted data has been exposing the personal information — user names, passwords, payment card data a likely more — used for online transactions for about two years, security researchers say.
The severe flaw in OpenSSL, encryption technology used by an estimated 500,000 websites, could could let hackers access, and translate, encrypted code without the knowledge of those running the website — or the users supplying the data. The data is exposed as it flows between user computers and business servers.
Security experts have started distributing a fix for the problem, and say it should be used immediately, according to computer security experts.
The problem clearly affects millions of online shoppers, online bankers and even e-mail users, who need to know what happened and what they can do to alleviate the potential pain.
Sign up for Computerworld eNewsletters.