Insiders at the US National Security Agency claim that the organisation has been exploiting the so-called Heartbleed bug for nearly two years to capture data on individuals instead of informing the rest of the online community.
The claims, denied by both NSA and White House chiefs, follow whistleblower Edward Snowden’s allegations that it was common practice for the organisation to deliberately introduce vulnerabilities to security software.
NSA spokeswoman Vanee Vines said in an email: “[The] NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cyber security report. The reports that say otherwise are wrong.”
The Heartbleed bug could potentially affect hundreds of thousands of web and email servers which run open source software and has triggered major warnings across the world.
Online users are being urged to change all their passwords and usernames where possible as the bug went undetected for more than two years.
A blog post by Tumblr last week even urged people to “call in sick and take some time to change your passwords everywhere – especially your high-security services like email, file storage, and banking, which may have been compromised by this bug”.
Related stories
Hacks up as Heartbleed fuels panic
Staffer held over Morrisons breach
Hackers ‘get ugly’ with mega attack
Cops ‘don’t care about cyber crime’
Adobe data attack ‘may hit billions’
Top US stars hit by D&B breach
Foxtons hit by online hack attack
Hacking staff could wind up firm
58m rocked by Ubisoft hack attack
