MINNEAPOLIS (WCCO) — You may want to change all your online passwords in the coming days. A large-scale lapse in Internet security has been uncovered, revealing that millions of accounts may be vulnerable.
The security breach has been dubbed “Heartbleed,” and it potentially affects credit card numbers, email services and other sensitive information.
University of Minnesota student Taylor Loch got word of the breach Wednesday while taking a break with friends, her laptop on the table in front of her.
“I do a lot of online shopping,” she said, “more than I’d like to admit — or that my parents know about. I don’t really want other people seeing my personal information or like my credit card numbers or anything like that, so yeah, I’d definitely be worried.”
Researchers this week discovered a problem with the online encryption that’s supposed to keep transactions safe. It’s the system that changes the web address from http to https, and creates a lock icon, indicating security.
Konr Ness of The Nerdery wrote a blog post about Heartbleed. He said the flaw means hackers could still potentially peek into the server.
“So, anything that’s passing through that server,” he said, “it could be a password, could be a credit card number, it could be a Social Security number or any other kind of sensitive information, is potentially viewable by an attacker.”
Ness said keeping your computer software up to date is critical, along with choosing different passwords for different sites.
“So, if I am on Amazon and another site,” he said, “and Amazon gets hacked, the attacker on Amazon won’t be able to get into all my other sites like my email.”
So far, there is no evidence that hackers have used the weakness in the system to steal sensitive information, but Ness said it often takes time before stolen information is used.