Reports about a new vulnerability called the Heartbleed Bug were publicly released on Monday, April 7th. The Bug exposed vulnerabilities in versions of OpenSSL software that were released in the last two years. OpenSSL software is commonly used to encrypt sensitive information on websites and is estimated to be used by approximately 60% of all internet servers.
The Heartbleed Bug was so widespread that most of the internet community was affected (including prominent agencies and businesses like the FBI and Yahoo). Global Reach responded to the issue right away by alerting our clients and updating all of our servers. We also re-installed all SSL certificates.
There were two major concerns raised by the Heartbleed Bug. First, exploiting the Bug caused susceptible systems to leak data that was stored in memory. Second, it exposed sensitive information that could have been stolen by internet criminals. Vulnerable information could include usernames, passwords, credit card numbers and social security numbers. Even the keys servers use to encrypt and protect sensitive data were at risk. If hackers gained access to the encryption keys, they could have then decrypted and read virtually any secret data.
If you have additional questions please contact the Global Reach Support Team. If you would like more information about the Heartbleed Bug please click here.
SSL Certificate: Stands for "secured sockets layer" certificate. Websites with an SSL Certificate are following a protocol that allows the website to encrypt and securely transfer data over the internet.