Researchers have discovered a serious bug, which they dubbed Heartbleed, that puts personal and financial data at risk. The bug is a vulnerability in the widely used OpenSSL cryptographic software library, and it allows hackers to steal the secret keys that can decode data as it is transferred between users across the Internet.
"This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users," said a statement released by researchers from Google and security firm Codenomicon on the website www.heartbleed.com.
The researchers urged users and businesses alike to update their servers to address the problem, which they say is one of the most serious to be detected in years.
Without such an update, the researchers suggest, the bug could remain a problem that needs to be watched closely in the years to come, because attacks that exploit it go unseen.
The researchers said they ran a test on the bug by attacking themselves from outside and were able to "steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business-critical documents and communication."
The bug is two years old, and an attack leaves no trace of its origin, which might explain the delay in its discovery. The researchers suggest that applying the update provided on the website could be a solution going forward.
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptography software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet," the researchers said.
For now, the bug has not become a serious issue in the grand scheme of Internet threats, but the researchers and others are keenly aware that breaches of financial and personal data could put millions at risk.
Industry experts expect oversight bodies to begin to look closely at the very real threats of identity theft and to personal identities, in order to maintain the security that users expect when browsing or making purchases online.