A huge flaw in one of the Internet’s most vital encryption methods has been exposed—something that could compromise your stored files, bank information, Social Security numbers and pretty much anything else you want to keep on lockdown. According to The New York Times, you might want to change all your passwords right away.
There’s a lot of technological jargon behind the flaw (for the curious, Gizmodo has a detailed breakdown), but it involves a flaw in OpenSSL, an encryption technology used by almost two-thirds of all websites. The bug has been nicknamed “Heartbleed,” and hackers are already exploiting it. As David Chartier, the chief executive at the security company that found the bug, told the Times, “It’s a serious bug in that it doesn’t leave any trace. Bad guys can access the memory on a machine and take encryption keys, usernames, passwords, valuable intellectual property, and there’s no trace they’ve been there.” That, of course, means there’s no way of knowing how big this breach is—but it could be unprecedented.
A developer named Fillipo Valsorda has put together a tool to help you check websites you frequent for vulnerability. According to the site, Google, Facebook and Amazon are safe—but Yahoo, Flickr, Slate, WeTransfer, Eventbrite and many more have been compromised …
