A few days ago a bug was found in some common infrastructure used throughout the internet which meant that more or less no site was secure to the bug. It is known as the Heartbleed bug. (further simplified details via BBC News)
An attacker aware of the bug could more or less hack anything on the net including government/tax portals and all banks to social networks to email providers to shopping sites. From the BBC News link:
Security expert Brue Schneier described it as "catastrophic". "On the scale of one to 10, this is an 11."
Another source going into the technical details has stated that:
Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.
A fix has been released and the server used for this site has been updated to fix the security vulnerability.
While it is possible that some personal data could potentially have been compromised before the bug was found (hello NSA/GCHQ!), this site will not be forcing a password reset. Users may want to reset passwords (for this site and ALL OTHER ONLINE SERVICES WITH ANY AND ALL PROVIDERS) anyway to keep their details secure.
A warning though, you want to update your passwords after the services have been updated. the major services such as google/yahoo/microsoft etc were secured before the bug was made public and facebook within a few hours of it being public.
Comments
Safe and sound yeah?