A security bug set off a storm of worry across the Internet this week. Its name is Heartbleed and it could make websites vulnerable to hackers.
One data analysis website found more than 17 percent of the top 1 million sites on the web may have been exposed.
The bug compromised web encryption technology used on popular websites, potentially exposing personal information to hackers. But security experts said users shouldn't change their passwords just yet.
“I’m a bit obsessive about technology, so I’ve read quite a bit,” University of Wisconsin-Madison professor Jerome Camal said. “You have to take all of these things very seriously.”
Hackers took advantage of a leak in a system called OpenSSL that many major sites use to encrypt data. They tricked a server into turning the encrypted gibberish into readable information. Two-thirds of websites may have been vulnerable to this flaw.
The problem has persisted for two years and security experts had no idea.
“It was a badly written piece of code in that application and somebody figured out, 'If I do this, I can see all of this,'” said Madison College Information Security Director Mike Masino. “Theoretically, you could have gotten your username and password stolen any time throughout that this has been vulnerable.”
If you want to change your password, experts suggest holding off while websites big and small work to patch the problem.
PayPal, Chase and LinkedIn said they weren’t impacted, while other sites like Google said they have made the appropriate fixes.
“I think people who aren’t paying attention should definitely pay attention to it,” Camal said.
Madison companies UW Credit Union, Cuna and Meriter Health Services said they weren’t affected. But American Family Insurance said its systems that use OpenSSL are either not vulnerable or have been patched.
There is a website available where online users can check to see if a site is vulnerable.