Thursday 12 December 2019

'Heartbleed': Warning for email users as new bug targets passwords

Allianz has suffered a data breach
Allianz has suffered a data breach
Adrian Weckler

Adrian Weckler

A NEWLY detected internet bug that exposes email users' information to hackers could mean hundreds of thousands of Irish people need to urgently change their passwords.

The flaw, nicknamed 'Heartbleed' by researchers from Google who discovered it this week, allows hackers to attack websites that use the most commonly available security encryption techniques. It has been described by experts as one of the most serious security flaws in recent years.

Yahoo Mail users were first to be warned of the vulnerability, but the list of everyday websites thought to be affected is growing.

The security bug, which affects as many as two-thirds of the world's encrypted websites, is now known to have existed undetected for two years.

"Passwords, user identification and cookie sessions have all been vulnerable during this two-year period and users' accounts may have been hijacked," warned Michael Brophy, a data-security expert with Dublin-based Certification Europe.


A spokesman for Yahoo confirmed that Yahoo Mail had been vulnerable to attack, but said it had now been patched, along with other main Yahoo sites such as Yahoo Search, Finance, Sports, Flickr and Tumblr.

"We are working to implement the fix across the rest of our sites," said the spokesman.

Chris Eng, vice-president of research with software security firm Veracode, said he estimated that hundreds of thousands of web and email servers around the globe needed to be patched as soon as possible to protect them from attack by hackers.

The news comes in the wake of a new report from security firm Symantec that says that the number of data breaches rose by 62pc in 2013, resulting in more than 552 million identities being exposed.

The report also claimed a 500pc increase in so-called ransomware, an aggressive scam that locks people's computers, forcing them to pay a fee to have their device unlocked.

Irish Independent

Also in Business