New cyber threats that affect consumers and businesses alike are constantly emerging, some of them more dangerous than others. Recently, the Heartbleed bug made a big noise, getting attention as a software flaw that could expose the sensitive information of hundreds of thousands of users.
What exactly is the Heartbleed bug? How did it change e-commerce? Is it still safe to shop online?
What Is It?
OpenSSL encryption software is the tool that online shops use to protect information such as credit and debit card numbers and passwords. The sites are easy to recognize; they all have https:// in the URL. However, the Heartbleed bug lets attackers trick a server into sharing that secure information.
Vox.com explains how it works: “The SSL standard includes a heartbeat option, which allows a computer at one end of an SSL connection to send a short message to verify that the other computer is still online… Researchers found that it’s possible to send a…malicious heartbeat message that tricks the computer at the other end into divulging secret information.”
Who Does It Affect?
The dangers that come along with the Heartbleed bug don’t put just a handful of servers and consumers at risk. Basically, almost any website that accepts payment is at risk.
To make matters even worse, the flaw has existed since 2011, and it only came to public attention in April of this year. Hackers have had years to take advantage of it, so it’s impossible to tell how much of an impact the bug has already had on businesses and Internet shoppers.
The Potential Damages
The leakage of sensitive consumer information can lead to identity theft, but that’s only one part of the bad news. The Heartbleed bug also exposes server security keys, which are the codes that enable the servers to make sense of encrypted information. When a hacker gets hold of a security key, he or she can impersonate the server, raking in even more private information.
E-commerce businesses are well aware of another way that security breaches hurt. When news about the bug first broke, “Security experts [advised] people to literally stay off the Internet—not logging into bank sites to check a balance…or shopping online,” says thinkprogress.com. Without a fix for the bug, all Internet businesses found themselves in jeopardy.
Once the spotlight fell on Heartbleed, it wasn’t long before experts devised a solution to stop the bug in its tracks. The fix was as simple as disabling or patching SSL’s heartbeat extension. It was up to individual servers to take care of this, and many website operators acted quickly to protect consumers.
However, some sites left themselves open to the Heartbleed bug. A recent news article pointed out that as of May 9, 2014, as many as 300,000 sites were still vulnerable, a number that represents about half of the sites initially affected. Given that eye-popping number, it’s only reasonable that many online shoppers have lost trust in their favorite Internet shopping haunts.
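For readers who want to see what "patching the heartbeat extension" means in practice, here is an added example (written for this article, not OpenSSL's actual source) of the length check a patched server applies before answering a heartbeat. The message layout follows RFC 6520; the function names and the two sample messages are made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message (RFC 6520):
 * type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define HB_REQUEST  1u
#define HB_RESPONSE 2u
#define HB_HEADER   3u
#define HB_MIN_PAD  16u

/* Constructed samples, not captured traffic. Unlisted bytes are zero padding. */
static const uint8_t HB_OK[23]  = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t HB_BAD[20] = { HB_REQUEST, 0x40, 0x00, 'x' }; /* claims 16384 bytes */

/* Bytes past the end of the received message that a handler trusting the
 * claimed length would echo back. Nonzero marks a malformed request. */
size_t hb_overread(const uint8_t *msg, size_t len) {
    if (len < HB_HEADER) return 0;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    size_t received = len - HB_HEADER;
    return claimed > received ? claimed - received : 0;
}

/* Patched behaviour: returns the response length, or -1 to discard silently. */
long hb_respond(const uint8_t *msg, size_t len, uint8_t *out, size_t cap) {
    if (len < HB_HEADER + HB_MIN_PAD || msg[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    size_t total = HB_HEADER + claimed + HB_MIN_PAD;
    if (total > len || total > cap) return -1;   /* the missing bounds check */
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);   /* only received bytes */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);    /* real padding is random */
    return (long)total;
}

int main(void) {
    uint8_t out[64];
    printf("ok:  overread=%zu respond=%ld\n", hb_overread(HB_OK, sizeof HB_OK),
           hb_respond(HB_OK, sizeof HB_OK, out, sizeof out));
    printf("bad: overread=%zu respond=%ld\n", hb_overread(HB_BAD, sizeof HB_BAD),
           hb_respond(HB_BAD, sizeof HB_BAD, out, sizeof out));
    return 0;
}
```

The first message is answered normally; the second, whose claimed length is far larger than what was actually sent, is dropped instead of being answered with leftover server memory.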
Is It Safe to Shop Online?
With all the potential personal catastrophes tied up in the infamous software flaw, it’s no surprise that consumers are scrambling for Heartbleed bug protection. While the main responsibility lies with website operators, individuals should also take steps to safeguard their information. Some simple things that people can do include:
- Logging out of websites after each session.
- Frequently changing passwords.
- Checking if a website is vulnerable to Heartbleed before using it. This list shows many major sites that are no longer (or never were) vulnerable to the bug.
- Investing in identity theft protection.
The Heartbleed bug’s exposure sent waves of fright through the online shopping community, but bringing it into the public eye turned out to be a good thing. It led to a patch that can stop the bug, and it served as a vivid reminder that consumers should always take precautions to protect their information.
There will always be pitfalls associated with online shopping, but responsible businesses and savvy consumers can take action to minimize the risk. Hence, bargain hunters and hobbyists can still shop online without shaking in their boots.