"Heartbleed" Could Put Personal Information At Risk
Columbia, SC (WLTX) - Tonight may be the night to change the password on a number of your online accounts, all because a web vulnerability is causing trouble at big sites online where you could have accounts.
There's no way to tell if the "Heartbleed" vulnerability put your information at risk or not but many sites are patching up a hole in security just to make sure.
"No one knows if this vulnerability has been used by evil doers to examine anyone's information, said Bob Brookshire with the USC Technology Information Department. "This information could include things like your User Name and Password and other information that you store. The vulnerability allows a third party at small chunks of that information that have been stored on the companies server without your knowledge and without the knowledge of the company itself."
The flaw is in a piece of software called Open SSL that's used by web developers.
Heartbleed has been around since 2012, but only discovered recently.
Not all companies use Open SSL, but ones that do are vulnerable until a patch is installed.
"Sites like Yahoo, Google, Facebook, Pintrest, and Tumbler, have used it," Brookshire said. "Your account information there may have been exposed."
Apple and Windows users are protected from Heartbleed but Android users don't fare so well. Some Android versions are vulnerable.
There's a free Heartbleed app that let's Android users know if a phone or tablet is vulnerable and will install a patch.
"If you have an account on one of those sites that's been exposed, even though the vulnerability has been fixed, we still don't know if your information was ever divulged," Brookshire said.