Heartbleed bug causes major security headache

Heartbleed Bug
Heartbleed Bug

GREEN BAY - A recently-discovered computer bug may have you wondering if your personal information is safe.

Heartbleed is causing major security headaches across the Internet.

Websites are racing to fix the flaw, which hackers could use to get personal information.

"I've had to enter some personal information through shopping like debit card numbers, social security numbers for background checks for jobs and stuff like that, so it's kind of scary," said UW-Green Bay freshman Trevor Copeland.

Scary because millions of passwords, credit card numbers and other personal information may be at risk. All because of a breakdown that affects encryption technology.

"Heartbleed is a security vulnerability that was discovered on a particular piece of software that is used to encrypt traffic to websites," said UW-Green Bay's IT Security Officer David Kieper.

Some major websites, including Yahoo and Google, say they've already taken steps to secure their sites. However, Internet security experts say hundreds of thousands of websites may be vulnerable.

"This is a serious problem," said Kieper.

But Kieper adds while the lapse went undetected for two years, there is no proof anyone ever exploited it.

"In that respect, a lot of sites, like I say, may have been vulnerable but it doesn't mean that anything has really been lost at this point," said Kieper.

So how can you protect yourself? You may wonder whether you should call in sick and take the time to change all of your Internet passwords.

"If you go to a site that has not been fixed, your password is still vulnerable. So until the site tells you to change it, don't do it," Kieper said.

Green Bay Net's Elliot Christenson says this situation is different from past security risks.

"Other threats usually you know if you've been compromised or you know if you've been vulnerable. And this one, they don't know how long necessarily," said Christenson.

The website developer says while his company's sites weren't affected, news of the bug came as a shock.

"It was terrifying because not everybody knew what was wrong and there wasn't actually a fix immediately," Christenson said.

Experts also say to watch out for emails asking you to change your password. They say don't trust the links included in those emails.

For a list of sites that recommend you change your password, click here.