Drew Hendricks Drew Hendricks is an SEO and Social Media specialist living in Seattle, Washington. Drew writes words that people enjoy reading every moment they are awake.

First “Heartbleed Attack” makes wave

1 min read

Heartbleed attack

In the past couple of weeks you’ve probably received emails, Facebook posts, or tweets warning about the Heartbleed virus, but have there actually been any victims? Supposedly, Heartbleed has a knack for stealing credit card information, usernames, and passwords, making it a particularly nasty virus.

Heartbleed attack

The news swept the globe, raising general anxiety, putting IT engineers on full alert, and causing everyone to search desperately for patches. Millions of people around the world set new passwords, but there weren’t any reports of accounts being hacked until April 16, many days after the first warnings went out.

Canadian police reportedly arrested someone who used Heartbleed to lift data from the country’s tax website. The Canada Revenue Agency (CRA), which is the Canadian equivalent of the IRS, was hacked during an epic six-hour time frame. Someone used Heartbleed to snatch the social insurance numbers for about 900 people, as well as other sensitive data.

Andrew Treusch, CRA commissioner, said, “The CRA worked around the clock to implement a patch for the bug, vigorously test all systems to ensure they were safe and secure, and re-launch our online services. The CRA is one of many organizations that was vulnerable to Heartbleed, despite our robust controls.”

This should serve as an object lesson about why you should study the legal information supplied by your VPN and pretty much anything that’s tech related.

Who’s behind the attack

A 19-year-old from Ontario, Stephen Solis-Reyes, was arrested and his computer seized. Reuters reported that he’s “associated with the attack,” and will likely face criminal charges, including the unauthorized use of technology as well as “mischief.”

According to a statement by the Royal Canadian Mounted Police, “It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug.”

Just one week before, panic had spread as rumors about Heartbleed became widespread, and numerous organizations and corporations sent mass emailings to their customers with warnings. They speculated that your personal data could easily be stolen, yet we heard nothing but crickets until the news from Canada.

A slow infection

Reuters reported that an estimated 500,000 websites, including Facebook and Google, may have been infiltrated by the rogue program, yet nobody aside from the CRA has come forward with a substantive complaint about Heartbleed. Among the other big names allegedly infected was Yahoo!.

Web analysts believe that although the CRA is the first to confirm itself a victim of the attacks, it surely won’t be the last. Solis-Reyes will make his first court appearance on July 17. It’s probable that a number of other victims will have come forward by then.

When sensitive information is stolen, the victims often don’t become aware it’s happened until weeks or months later. They learn the unhappy news when odd charges turn up on a bill, a credit card is declined, or they find something sketchy on a credit report when they apply for a loan.

This isn’t a common occurrence for many, and thieves could spend several weeks racking up bills in your name before it comes to your attention. Changing your password is only the first step in the process; you also need to follow your credit report to ensure there’s nothing shady going on.

Avatar of Drew Hendricks
Drew Hendricks Drew Hendricks is an SEO and Social Media specialist living in Seattle, Washington. Drew writes words that people enjoy reading every moment they are awake.

Obama wants $19 billion to improve America’s cyber security

Cyber attacks have grown to become one of the most-important issues in the United States, with both corporations and government agencies suffering from them in...
Avatar of Brian Molidor Brian Molidor
55 sec read

A hacker managed to steal information from the DHS…

Motherboard reported on Sunday that a hacker managed to get their hands on the personal information of about 30,000 employees for the DHS and FBI,...
Avatar of Alfie Joshua Alfie Joshua
57 sec read

The Java plug-in is finally going to meet its…

It’s been more than two decades since Oracle decided to start plaguing web browsers with its Java plug-in, but it looks like it’s time for Oracle...
Avatar of Chastity Mansfield Chastity Mansfield
58 sec read

Leave a Reply

Your email address will not be published. Required fields are marked *