Following the discovery of a major bug known as “Heartbleed,” Tumblr has sent out a note encouraging users to change the passwords for all of their online accounts immediately.
The Heartbleed bug makes it possible for hackers to retrieve code from websites and other online services that would give them access to other information, including user data and passwords. The bug affects services that use the widely popular OpenSSL security library.
OpenSSL is the technology that secures websites that use HTTPS encryption to keep data protected. Users might recognize this from the URL of many of the websites that they use on a regular basis.
“The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit,” Tumblr said in a blog post.
The Heartbleed bug affects only one version of OpenSSL, and a fix for the problem has already been issued.
But the vulnerability was only recently discovered, and the affected version of OpenSSL has been around for two years. It is also impossible to trace whether a hacker has taken advantage of the bug to steal data from any websites and online services that were using the vulnerable version of OpenSSL.
“This might be a good day to call in sick and take some time to change your passwords everywhere -- especially your high-security services like email, file storage, and banking, which may have been compromised by this bug,” Tumblr said.
The social network, which is owned by Yahoo, said it has already taken action to implement the fix for OpenSSL on its service. Tumblr said it has no evidence of being breached by hackers using the Heartbleed bug.
The bug was discovered by Neel Mehta of Google’s security team as well as a team of security engineers at Codenomicon, a security website that has created a website with information about Heartbleed.