Allentown
61° F
Overcast
Overcast
 

Online security flaw leaves information exposed to hacker

By Catherine Hawley, Reporter, news@wfmz.com
Published On: Apr 09 2014 05:11:00 PM CDT
Updated On: Apr 09 2014 06:16:48 PM CDT

It's a security flaw that has potentially affected hundreds-of-millions of websites over the past two years, and it may have compromised your sensitive information.

BETHLEHEM. Pa. -

It's a security flaw that has potentially affected hundreds-of-millions of websites over the past two years, and it may have compromised your sensitive information.

John Mattaboni with Valley Network Solutions in Bethlehem says the so-called 'Heartbleed' bug is a flaw in one of the foundations of the internet.

"It's estimated at this point that anywhere between two-thirds and three-fourths of everything that touches the internet can be affected in some way."

The bug deals with software called OpenSSL, technology used to safeguard sensitive information entered into websites.

Basically, many sites thought to have secure connections over the past two years really weren't protected.

"It's a basic security flaw," shared Mattaboni. "That means it has compromised everything from your log in and password information on major sites to credit card information, perhaps social security numbers, credit reports, nobody really knows at this point."

To make matters worse, hackers exploiting the flaw are untraceable, so there's no way to tell if the information has been compromised.

"This is not a virus that is actively seeking to cause damage, this is something that's already in place and requires someone to attempt to exploit it in order for it to have a bad outcome," Mattaboni shared.

Since the 'Heartbleed' bug was discovered Monday, a patch has been put in place and most sites are fixing the bug.

"It remains to be seen if people are going to be affected in a large way."

Mattaboni says if you haven't experienced some type of identity theft yet, most likely you are okay, but he does suggest changing any passwords you use online, especially the ones for critical systems like your banking.

You can use this link to check if certain websites are vulnerable to the 'Heartbleed' bug.