DHS issues warning about 'Heartbleed' bug


Officials at the Department of Homeland Security have warned people to monitor their online accounts at banks and other websites for improper activity, after the detection of a computer bug affecting popular and trusted Web encryption software.

The bug, called "Heartbleed," has affected a wide range of websites across the Internet and raised alarms that people's private emails and personal information could be exposed to hackers.


The DHS said on Friday that there have not been any reported attacks or hacks involving the bug, which has existed for about two years. But the DHS said, "it is still possible that malicious actors in cyberspace could exploit un-patched systems."

Heartbleed, discovered this week by researchers at Google and a Finnish security firm, is a glitch in the popular SSL encryption technology that makes it possible for one computer to trick another into sending it some of the contents of its memory. Credit card numbers, passwords and other information could theoretically be stolen.

When the news broke earlier this week, the DHS immediately issued an alert "to share actionable information with the public and suggested mitigation steps," it said.

The department also reached out to various companies to determine how the bug might have affected critical networks on Wall Street, at utility companies and other telecommunications firms.

Additionally, the Federal Financial Institutions Examination Council, a financial regulator, told financial institutions on Thursday to patch their systems "as soon as possible" to deal with the bug.   

The DHS said on Friday that the government websites used by the public "are not exposed to risks from this cybersecurity threat."

Still, it warned people to see if the websites they use most have been affected by the bug and are secured against it. The agency said that, once a site is determined to be safe, people should change their passwords.

People should also keep tabs on banking, social media and other websites to make sure their personal information has not been stolen.

"Cybersecurity is a shared responsibility and when we take steps to ensure our own cyber safety, we are also helping to create a safer Internet for others," the DHS said.