News 12 at 6 o'clock / April 10, 2014
AUGUSTA, Ga. (WRDW) -- "I've been tinkering with computers ever since I was probably old enough to hold a mouse," said Zac Lewallen. But Lewallen, a security expert at Computer Exchange in North Augusta admits he has never seen anything that compares to the latest cyber threat. "Coming from a security background it's huge," said Lewallen.
It is being called the "heartbleed" bug, a security vulnerability that has exposed encrypted information from websites and email accounts of computer users." It's a pretty widespread bug they say it's effecting two-thirds of websites over the internet," said Lewallen.
It gives attackers a peak at your private information like usernames and passwords without you ever knowing. The bug compromises the internet service providers encryption keys. It is not a new threat. Google security experts who discovered the vulnerability on Monday said the bug has been around for almost 2 years.
Major websites such as Google such as Yahoo and services associated with them have been effected," said Lewallen. The internet password management service Lastpass has created a search engine where computer users can verify the vulnerability of any website and it found even Facebook was vulnerable too.
"You link a lot of things from Facebook to other things especially if you link your mobile phone all of your contacts," said Lewallen. He said changing your password will only work if the website your using has already fixed the problems on its end. But what if you bank online?
"Most banking institutions and financial institutions are safe because they use different types of encryption," said Lewallen. We asked Lewallen what a worst-case scenario would be for folks in the coming months and even years.
"A lot of people will have identity theft since its a huge rampant thing on the internet. Purchases being made in your name the inconvenience of having to get a new credit card a couple of different times," said Lewallen.
Computer and consumer experts said if you have purchased anything online with a debit or credit card you should carefully monitor your accounts for any unusual activity. While most banks are secure, we did find a few that were considered `vulnerable according to Lastpass due to out-of-date encryption software.
To verify the security of any website just follow the link: http://www.computerexchange.com/HEARTBLEED/