The Heartbleed bug has struck. Mumsnet, a leading UK parenting site and the Canadian tax agency have both announced that their data has been compromised by hackers exploiting the Heartbleed bug.
These two cases are the first confirmed cases having losses. Mumsnet, which has around 1.5 million registered members, believe that the hackers may have possibly obtained passwords as well as personal messages before the site was updated for the patch. On the other hand, the Canada Revenue Agency has said that around 900 of its user?s social insurance numbers had been stolen.
According to Mumsnet, it had become obvious that their data was at risk when the site?s founder, Justine Roberts? username and password were used to post an online message. Justine then informed the administrators of the website that the company?s data had been compromised so that they could implement security measures. Mumsnet then took a course of action to send out an email to all of its members saying that: ?it became apparent that what is widely known as the Heartbleed bug had been used to access data from Mumsnet users? accounts?. The problem is that there is no way of knowing specifically which Mumsnet users had been affected. The worst case scenario is that the data of all Mumsnet users were accessed and compromised. This means that all sorts of data ranging from personal messages, profiles and posting histories are fair game to the hackers. The Mumsnet website has added in their page a compulsory password reset and has reset all users? passwords on Saturday 12th of April.
Canada tax agency
The Canada tax agency was one of the first major organizations to halt their services as a result to the problem with OpenSSL which the Heartbleed bug exploits. The quick action though was still a bit too late as hackers were quick on the uptake. The agency posted on their homepage saying that: ?Regrettably, the CRA has been notified by the Government of Canada?s lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period?. Based on the analysis, approximately 900 taxpayers have been affected.
The Heartbleed bug is dangerous and it is important to update your credentials as soon as the vulnerability on the website or service that you use has been patched and confirmed secure against future attacks.
Photo Source: heartbleed official website