Identity theft has seen a worldwide threat in recent months thanks to the Heartbleed bug, an internet security breach in OpenSSL, a commonly-used data encryption standard used by websites in order to keep information private. The irony of the situation is obvious, especially since SSL is designed to prevent the very problem now facing all internet users. The first Heartbleed-related arrest was publicized on April 16 when 19-year-old Canadian student, Stephen Arthuro Solis-Reyes, was charged with two counts of computerized identity theft for hacking into the Canadian Revenue Agency. Solis-Reyes used the agency’s SSL vulnerability to steal more than 900 Social Insurance Numbers—the nation’s equivalent to U.S. Social Security Numbers.
Experts are working to repair the damage caused by the Heartbleed bug. While only 53 of the top 10,000 websites are still at risk, analysts are confident that Heartbleed has not seen its last victim. Hackers are eager to take advantage of the software’s weakness before sites are able to identify and prevent future theft. Analysts predict that the bug will affect online security for years.
What was exposed?
SSL encryption is used by more than 56 percent of all websites—half of which were affected by the Heartbleed bug. Information housed within many of these sites include:
• Private correspondence. Emails and real-time chats are usually harmless, but emails that contain sensitive information are another story.
• Account information. Bank accounts and personal logins may have been directly targeted by the Heartbleed bug.
• Identity verification. Just as we learned from Solis-Reyes, even your Social Security Number could be compromised. While the IRS has not issued direct warnings, accounts that contain your SSN could lead criminals to the information they need.
Which sites were affected?
The list is changing rapidly, but you’ll find an up-to-date roster here. The chart also includes specific information about each website and instructions from technical administrators. Sites affected include Facebook, Instagram, Google and Tumblr to name a few. Review the list carefully and complete the attached instructions.
What can I do?
It’s difficult to know if your information was compromised, but experts are encouraging all users to take a few precautionary measures:
• Suspend activity. Contact your account providers and ask them to cease online correspondence until your accounts and email addresses are secure. This will prevent sensitive information from exposing your identity in the future.
• Change your passwords. Affected websites are asking all users to change their passwords immediately to prevent additional problems. While a password change may be too late for some, it will safeguard many in the days ahead.
• Order credit reports. The threat of impending damage requires vigilance from all consumers. Protect your credit score by ordering free copies of your credit reports from TransUnion, Equifax and Experian. Review the information carefully and circle any suspicious activity. Repeat this process in three to six months.
• Sign up for fraud alerts and credit monitoring. If you’re nervous about facing identity theft alone, there are services to help. Ask the credit bureaus to place fraud alerts in each of your files. This measure requires identity verification before new credit is issued in your name, preventing hackers from using stolen information against you. Lexington Law also offers credit monitoring as part of our Concord Premier service level. We work with TransUnion to provide daily credit monitoring alerts, along with in-depth, personalized coaching about how your credit score may have been impacted and how smart consumers may want to respond. Whenever we detect changes within your credit reports which may positively or negatively impact your credit scores, credit monitoring alerts are quickly dispatched via email, SMS Text message, and posted to your Lexington Law account.
Heartbleed’s victim count remains unknown, but that doesn’t mean we should accept its oppression. Protect your identity and credit scores by taking proactive measures. Account protection is the best way to maintain your credit’s integrity.