• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents

2

Current price of oil as of July 13, 2026

3

Current price of silver as of Monday, July 13, 2026

1

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents

2

Current price of oil as of July 13, 2026

3

Current price of silver as of Monday, July 13, 2026

The bug that rocked the foundations of the web

By
David Nield
David Nield
Down Arrow Button Icon
By
David Nield
David Nield
Down Arrow Button Icon
April 9, 2014, 2:23 PM ET
Add Fortune on Google for similar content.

FORTUNE — Late on Monday afternoon, the details of one of the most serious security problems to ever affect the modern web were posted online. Dubbed Heartbleed, the vulnerability has major companies scrambling this week to patch their systems and could have been exploited to harvest data from millions of users. The bug has been in the wild for more than two years, and leaves no trace of suspicious activity. Some estimates suggest that two-thirds of the web has been at risk since 2011.

Heartbleed affects OpenSSL, one of the key technologies used to encrypt data online. It allows attackers to retrieve sensitive information such as usernames, passwords and credit card details from servers running the software. While OpenSSL is not used by the likes of Google, Microsoft and Apple, it’s a popular choice for countless companies large and small.

A hacker making use of the Heartbleed vulnerability can “fish” for random chunks of data on a vulnerable server. While these chunks are small, the process can be repeated again and again, and leaves no trace of any breach. The data packets returned to the hacker could include log in details, private information, email messages and even encryption keys. Those keys are particularly important, allowing a hacker to successfully emulate the site in question, leaving no clue that it isn’t genuine.

Investigative journalist and security researcher Brian Krebs has posted in depth about the exploit. He tells Fortune: “Attackers can steal the ‘keys to the kingdom,’ as it were — the private encryption keys that websites use to encrypt and decrypt all communications with visitors. As broad-scale Internet vulnerabilities go, this one is about as dangerous as it gets. While there are probably fewer than a half million sites that are vulnerable right now, many of the vulnerable sites have millions or even hundreds of millions of users.”

MORE: As Windows XP retirement nears, businesses weigh upgrade risks

Krebs points to online lists and tools that can be used to test for Heartbleed. Big-name portals such as Yahoo, Flickr, OKCupid, Zoho, 500px, Imgur and even the F.B.I. were identified as being vulnerable as the news broke. Many sites have now put fixes in place — as of Wednesday morning, Yahoo says it has rolled out an upgrade for the majority of its sites. E-mail servers and instant messenger communications are also at risk.

For any company that has a presence on the web and uses OpenSSL, this means an urgent round of upgrading and patching — or an urgent call to the relevant web hosting firm. The latest version of OpenSSL fixes Heartbleed, but a lengthy and involved process of renewing security certificates and resetting encryption keys is also required. Even when the bug has been eradicated, there’s no knowing how much data was lost in the interim, and the repercussions could be felt for years to come.

“Many Internet users will probably be asked at least once this week to change their passwords at various sites,” Krebs says. “Affected website administrators have to replace the private keys and certificates for their OpenSSL installations after patching the bug. And since this exploit for many sites seems to leaves few traces behind, many organizations will probably want to be on the safe side and will be advising users to change their passwords as well.”

MORE: You’ve already been hacked. Here’s why it’s okay

As far as end users are concerned, there’s not much choice but to sit it out and avoid affected sites until an update has been rolled out. Resetting passwords will help to shore up the breach, but only after the sites in question have been upgraded. The usual common sense approaches — keeping a close eye on credit card bills and watching for suspicious activity online — are among the best steps to staying safe.

“People often joke that ‘Oh, perhaps we should stay off the Internet’ in response to certain threats, but in this case I think that may not be a horrible idea,” Krebs says. “If you happen to log in to a site that is vulnerable, there is a more than trivial chance that some attacker will steal your credentials . . . the problem is that it’s not readily apparent to the end user which sites are fine and which are still vulnerable.”

The bug was first spotted by coders working for Google and Codenomicon, who posted an information page online and christened the vulnerability “Heartbleed” because it takes advantage of a common OpenSSL extension called Heartbeat. “Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL,” warns the announcement.

This week, IT managers across the globe will be working feverishly to get their systems up to date, and praying that no one took advantage of Heartbleed. The most worrying part? They may never know.

About the Author
By David Nield
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in

Mortgage rates today, July 14, 2026
Personal Financemortgages
Mortgage rates today, July 14, 2026
By Glen Luke FlanaganJuly 14, 2026
1 hour ago
Current refi mortgage rates report for July 14, 2026
Personal Financemortgage rates
Current refi mortgage rates report for July 14, 2026
By Glen Luke FlanaganJuly 14, 2026
1 hour ago
Current ARM mortgage rates report for July 14, 2026
Personal FinanceReal Estate
Current ARM mortgage rates report for July 14, 2026
By Glen Luke FlanaganJuly 14, 2026
1 hour ago
camera
Arts & EntertainmentGen Z
Gen Z’s analog obsession is reviving a film camera market that digital killed
By Rotem Rozental and The ConversationJuly 14, 2026
1 hour ago
How Adobe’s CMO is preparing for the AI-powered era of brand discovery
C-SuiteCMO
How Adobe’s CMO is preparing for the AI-powered era of brand discovery
By Ruth UmohJuly 14, 2026
1 hour ago
infra
EnergyData centers
Data centers have already hiked electricity prices on the public by $23 billion. Good luck clawing that back
By Theodore J. Kury and The ConversationJuly 14, 2026
2 hours ago

Most Popular

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents
Innovation
The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents
By Sasha RogelbergJuly 12, 2026
2 days ago
Current price of oil as of July 13, 2026
Personal Finance
Current price of oil as of July 13, 2026
By Joseph HostetlerJuly 13, 2026
22 hours ago
Current price of silver as of Monday, July 13, 2026
Personal Finance
Current price of silver as of Monday, July 13, 2026
By Joseph HostetlerJuly 13, 2026
22 hours ago
Trump embraces Australian retirement system backed by Larry Fink
Personal Finance
Trump embraces Australian retirement system backed by Larry Fink
By Brianna Sosa and BloombergJuly 12, 2026
1 day ago
How Pete Hegseth's DEI order just put Scouting America's future at stake
North America
How Pete Hegseth's DEI order just put Scouting America's future at stake
By Seth T. Kannarr, Derek H. Alderman and The ConversationJuly 13, 2026
13 hours ago
The U.S. and Iran can't agree on fully reopening the Strait of Hormuz. The solution could be straight out of the Old Testament
Middle East
The U.S. and Iran can't agree on fully reopening the Strait of Hormuz. The solution could be straight out of the Old Testament
By Jason MaJuly 11, 2026
2 days ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.