Internet users urged to change all passwords

Computer security specialists on Tuesday raised alarm about a freshly discovered bug in online data-scrambling software that hackers can turn to their advantage.

Zee Media Bureau/Salome Phelamei

San Francisco: Following the uncovering of a major Internet security flaw, various tech firms are urging customers to reset all their passwords at the earliest possible.

The threat dubbed `Heartbleed` in OpenSSL encryption software goes undetected for more than two years, exposing millions of passwords, credit cards and other sensitive data to potential theft by computer hackers.

According to BBC, Google Security and Codenomicon - a Finnish security company - revealed on Monday that a flaw had existed in OpenSSL for more than two years that could be used to expose the secret keys that identify service providers employing the code.
OpenSSL is used to protect passwords, credit card numbers and other data coursing through the Internet.

Security experts believed that hackers may have been secretly exploiting the problem before its discovery.

Yahoo, which has more than 800 million users worldwide, is among the Internet services that could be potentially damaged by Heartbleed bug.

Yahoo said it is focused on providing the most secure experience possible for the users worldwide and is continuously working to protect users’ data.
A blog post at the Tor Project website asked users to avoid Internet for a few days, especially those with strong privacy to give time to websites and servers to reset security credentials.