Heartbleed Bug undermines the safety of nearly two thirds of the web
A software bug that has gone unnoticed for two years has exposed sensitive data in as many as two out of every three web servers, say researchers.
The ‘heartbleed’ bug is a flaw in the widely-used web encryption software known as OpenSSL. Google, Facebook and Yahoo are some of the major companies that use SSL technology – most recognizable to users as the padlock that appears in the address bar of your browser.
Since the flaw was discovered by researchers from Google and security group Condenomicon, webmasters have scrambled to update their software and protect users’ data, although some researchers warn that it is already too late.
The bug allowed attackers to pull random chunks of information from the memory of a server, meaning that everything from passwords and usernames to credit card numbers and home addresses could have been taken. As many as half a million websites are thought to have been affected.