eye-3-yellow-3d-2-new-logo philly_kyw_new philly_94wip_new 35h_cbssportsrad_philly philly_wpht_new
NOW LIVE: Eyewitness News: Watch Live Stream

Local

Major Internet Security Flaw Exposes Millions Of Usernames, Passwords

View Comments
file photo (credit GREG WOOD/AFP/Getty Images)

file photo (credit GREG WOOD/AFP/Getty Images)

Jim Melwert Jim Melwert
Jim is a "morning drive" reporter for KYW Newsradio 1060, bringing...
Read More

Get Breaking News First

Receive News, Politics, and Entertainment Headlines Each Morning.
Sign Up

By Jim Melwert

PHILADELPHIA (CBS) - A newly discovered computer bug has security experts scrambling. It’s called “heartbleed” and it affects what’s called openSSL.

Without getting into the jargon, the security flaw has to do with that little padlock you see on websites and the HTTPS in the address bar. That’s supposed to mean a website is secure.

But now experts say the widely used encryption software may have a major flaw meaning millions of websites — possibly two-thirds of the web — may have been leaking critically sensitive data for the past two years.

Yesterday, Tumblr — owned by Yahoo — became the largest website to disclose it’s been hit by the bug, it urged users to change not just the password for its site but for all others.

Security experts though, say if you change your password before the security flaw is fixed, that password would also be vulnerable. So don’t change until your sure the site’s been fixed.

And one of the problems here is a hacker could get in, get info from these sites and leave little if any trace, which means it could be impossible to tell what’s been breached.

And to make matters worse, in theory, a hacker could create a spoof or fake site to get users to disclose even more data.

A patch has been released, and sites are making fixes.

 

Top Content On CBSPhilly

View Comments