NULL Heart Bleed Bug Update: Chase, BOA, Wells Fargo, IRS NOT Affected by OpenSSL Security Flaw

Heart Bleed Bug Update: Chase, BOA, Wells Fargo, IRS NOT Affected by OpenSSL Security Flaw

Apr 14, 2014 01:26 AM EDT

Heartbleed bug appears to be one of the biggest flaws in the Internet's history, affecting the basic security of as many as two-thirds of the world's websites. Your passwords and credit card numbers may have been exposed by the security bug over the past two years, it is affecting many global IT systems in both private and public sector organizations. 

Major US banks and other financial institutions including Chase, Bank of America, American Express, Citigroup, Wells Fargo have indicated that they are not vulnerable to the internet bug.  

The Internal Revenue Service reports that its system have not been affected by heartbleed, therefore it will continue to accept tax returns as normal. The IRS advises taxpayers to continue filing their tax return in advance of the April 15 deadline.

The Canada Revenue Agency has shut down all its online services on April 9, but the full service has been restored on all of its online systems as of Sunday. The CRA has extended the filing deadline for individual tax returns to May 5 due to the service interruption. 

Some popular websites and social network such as Gmail, Pinterest, Google, Tumblr, Instagram, Yahoo, YouTube that were vulnerable to the encryption flaw have already updated their servers with a security patch to fix the problem.

The software developer, Last Pass, has created a website to check sites for vulnerability

What is Heartbleed? 

The Heartbleed bug is caused by a flaw in OpenSSL software, which is commonly used on the Internet to provide security and privacy. It is an encryption flaw in the code used on more than two-thirds of active websites, such websites can be identified by a little lock icon on your browser or the "s" at the end of "HTTPS" before the web address.

Heartbleed was discovered by a Google researcher and an independent Finnish security firm called CodenomiconA fixed version of OpenSSL was released on Monday, April 7. Websites and other services can be secured by using it or by disabling the affected part of the code.  

Do I need to change my passwords?

Ari Takanen, chief technology officer for Codenomicon, advises internet users to wait for an official statement from the internet services you use and follow their guidelines. It is advised that you should update your passwords only when you have confirmed a site has already taken the proper measures to address the issue.  

Mashable has compiled a list of popular sites, with information about whether they were affected and suggestions about whether you need to change your password. 

According to Mashable, Linkedln, Apple, Twitter, Amazon, Microsoft, Hotmail/Outlook, eBay, Groupon, Target, PayPal, Walmart are NOT affected by the heart bleed bug.