Computer experts have identified a new online security vulnerability called Heartbleed that may have compromised consumer data on thousands of websites.
Heartbleed is a defect in older versions of OpenSSL security software, which is designed to protect servers from hackers. Researchers say that a minimum of 500,000 servers have the Heartbleed vulnerability in their security software. Many critical infrastructure and e-commerce websites use OpenSSL to encrypt data on their servers, the Washington Post notes.
The flaw was identified by experts at Google (GOOG) and Finnish online security firm Codenomicon. Computer experts say that Heartbleed is one of the most serious online vulnerabilities identified in years.
On Tuesday, the U.S. Department of Homeland Security issued a warning to businesses to check the version of OpenSSL on their servers to make sure their networks are secure.
Hackers may be able to exploit the Heartbleed flaw to access consumers’ personal data, including passwords, user names, emails and key documents. So far, no one knows if any hackers were aware of Heartbleed, or have used the flaw to compromise servers. The nature of Heartbleed means that hackers could have penetrated systems without leaving a trace.
The BBC notes that Heartbleed has been found on versions of OpenSSL dating back more than two years. However, a new version of OpenSSL is free of the flaw. The clean version of OpenSSL was released on April 7.
Yahoo’s (YHOO) Tumblr blogging platform has acknowledged that it has been affected by Heartland. Tumblr has advised users to reset their Tumblr passwords, the Los Angeles Times notes.
Heartbleed’s discovery had technology giants scrambling to update the systems. The flaw could affect major e-commerce giants like Amazon (AMZN) and (EBAY) as well as social media platforms like Facebook (FB).