Hackers have leveraged the “Heartbleed Bug” to attack a “major corporation”, according to
Mandiant, a network security firm based in Alexandria, Virginia, USA.
The unnamed corporation was attacked only 24 hours after The New York Times made the world aware of what appears to be a universal security flaw in OpenSSL - an open-source implementation of the SSL and TLS protocols that is widely utilized in web hosting for the encryption and transmission of data.
News of the hack was posted on Mandiant’s blog. The company suggested the hacker used the flaw to hack into the corporations Virtual Private Network (VPN). It took place on April 8, 2014.
Hackers exploiting the Heartbleed Bug are able to access data held on a server including username, passwords, and in some cases, credit card information.
Mandiant’s disclosure comes after the arrest of Stephen Arthuro Solis-Reyes from London, Ontario, a 19-year-old Canadian recognized as being the first person to be arrested as a result of leveraging the Heartbleed bug. He has been accused of hacking into the Canadian Revenue Agency (CRA)'s website and stealing 900 social insurance numbers.
In the United Kingdom Mumsnet, the “UK's second largest website for parents” which has 4.8 million visitors per month, also experienced a security breach. A hacker penetrated several of the website’s accounts, including that of the website’s founder Justine Roberts.
Have you been impacted by the Heartbleed Bug? Let us know your experience. Add your comments below.