Earlier this year, the Internet lit up with reports about an online vulnerability that allowed hackers to blow right by password protections and access accounts with ease. It's known as Heartbleed, and most reports about the issue focused on the financial impact of the problem.
In article after article, experts were asked to weigh in on the possibility of identity theft or unauthorized credit card use due to the bug. That sent me scrambling to my bank account's page, just so I could ensure that nothing tricky was going on.
But there's more to Heartbleed than simple finances. In fact, this particular problem could do all sorts of reputation damage, and no one is really talking about that at the moment. I think it's time to shift the conversation.
The little batch of code known as Heartbleed takes hold during the moment at which two servers meet up with one another in cyberspace. Gizmodo published a brilliant description of how the code actually works, and that's worth a read, but the non-techie version is that the bug breaks down exchanges between one server and another.
Normally, information moving from one server to another is scrambled and protected. Heartbleed breaks that process down. Hackers can end up with bits of data, like passwords or email addresses or a user name. They can then piece all of that information together and gain control of a person's activity online.
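To make that leak concrete, here is an added example (not from the original article and not taken from any real server code): a simplified C model in which a server echoes back as many bytes as a request claims to contain, next to a version that checks the claim first. The arena layout, function names and sample credentials are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the request payload sits
   directly in front of unrelated session data (all values made up). */
#define ARENA_SIZE 64
static char arena[ARENA_SIZE];

static void load_arena(const char *payload) {
    memset(arena, 0, ARENA_SIZE);
    strcpy(arena, payload);                                   /* bytes the peer really sent */
    strcpy(arena + strlen(payload), "user=alice;pw=hunter2"); /* neighbouring secret */
}

/* Vulnerable: trusts the length field supplied in the request.
   `out` must hold ARENA_SIZE + 1 bytes. */
static size_t echo_vulnerable(size_t claimed_len, char *out) {
    if (claimed_len > ARENA_SIZE)
        claimed_len = ARENA_SIZE;   /* demo guard only: keeps the simulation inside the arena */
    memcpy(out, arena, claimed_len);
    out[claimed_len] = '\0';
    return claimed_len;
}

/* Patched: compares the claimed length with what actually arrived
   and drops the request when the claim is too large. */
static size_t echo_patched(size_t actual_len, size_t claimed_len, char *out) {
    if (claimed_len > actual_len) {
        out[0] = '\0';
        return 0;                   /* discard, send nothing back */
    }
    memcpy(out, arena, claimed_len);
    out[claimed_len] = '\0';
    return claimed_len;
}

int main(void) {
    char out[ARENA_SIZE + 1];
    load_arena("bird");             /* the peer sends 4 bytes... */
    echo_vulnerable(25, out);       /* ...but claims it sent 25 */
    printf("vulnerable reply: %s\n", out);
    size_t n = echo_patched(4, 25, out);
    printf("patched reply: %zu bytes\n", n);
    return 0;
}
```

The vulnerable reply contains the four bytes that were sent followed by the neighbouring credentials, which is how fragments such as passwords or user names end up in an attacker's hands.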
So, this means the bug could allow a hacker to tap into financial information, such as information you might use on a trading site or on a bank site. This could, in theory, cause some people to experience financial distress. But a hacker could also gain access to something like an email account or a social media account.
That means a hacker could gain access to all sorts of damaging information you might send through the internet, including:
- Sexy selfies
- Disparaging comments about your boss
- Photos of wild parties
- Personal letters about your physical health
Clearly, the danger goes beyond the financial. Essentially, anything you've done online (if you've done it on a vulnerable site or device) could be available to a hacker via Heartbleed.
Changing passwords, right now, seems like a smart move for everyone and anyone. If hackers have used the vulnerability in the code to access your pages and you change your password after that vulnerability has been fixed, all of your data will be safe.
Amazingly, however, a HuffPost/YouGov poll found that only 38 percent of people had changed their passwords as of early April. That means many people are still vulnerable. Those who have changed their passwords might not be safe, either, as experts suggest that some 2 percent of websites still haven't fixed their coding as of mid-April. This means Heartbleed is still alive and well in some sites, and changing the passwords won't help at all.
If you use an Android app, you might face the same kind of catastrophe, as some 150 million mobile applications may be vulnerable, according to re/code. That's a heck of a lot of people, and it's hard to know how to handle that particular problem. I've not seen any reports of app developers contacting their clients to suggest a workaround solution.
Even the router you use could be vulnerable to Heartbleed, according to PC Magazine, as these networking devices use their own kind of encryption code that might be easy enough for a hacker to manipulate with this particular bug. So far, it's unclear how router manufacturers plan to assist customers with defective machines. I know I haven't been contacted by my provider.
At this point, it makes sense to take a few simple steps:
1. Check this list, and change passwords for the websites that appear
2. Check this list of router names, and upgrade software as needed
3. Delete and reinstall apps
4. Steer clear of open-access routers (like those in coffee shops) for now
But these are steps that might protect you from future damage. They won't do anything to help you control and manage the release of sensitive information hackers might already have due to Heartbleed. For that, you need monitoring.
Monitoring software allows you to keep track of all of the information released about you online. You can track information based on specific keywords, like your name or the name of your company, or you can create customized monitoring solutions for specific phrases that might be associated with the information you'd like to keep secret. This tool runs all the time, 24/7, and it alerts you just as soon as a problem is found, so you can take action to remove it before it goes viral.
If you've been attacked by Heartbleed (and chances are good that you have), you simply need this kind of protection. We offer a great monitoring tool for individuals, and it's inexpensive. But whether you use our tool or someone else's product, just be sure that you're doing some type of monitoring.
The danger is very real, and unfortunately, a lot of the damage has already been done. It's up to you to keep the problem from escalating.