What the Heartbleed Bug Looks Like to Hackers

Apr 11, 2014 10:28am

This is what hackers see when they exploit the Heartbleed bug to steal private data, such as passwords and credit card numbers, from vulnerable users, according to malware analyst Mark Loman.

The bug exploits a flaw in Open SSL software that leaves private information up for grabs on sites that aren’t protected.

Read More: ‘Heartbleed’ Online Bug: How to Protect Yourself

Loman tweeted this photo of what he said was the bug in action earlier this week on Yahoo. The company said it has since fixed the vulnerability.

The code on the left is translated into readable characters on the right side, which can include usernames, passwords and credit card numbers.

The red highlighting in the photo was added by Loman to redact the private information a hacker would see.

The bug was discovered by a team of security engineers at tech company Codenomicon and Neel Mehta of Google Security and has left an estimated half-million websites vulnerable.

Adam Levin, co-founder and chairman of IDentity Theft 911, told ABC News users should find out what a site is doing to get protected.

“Once the problem is solved, then change your password — make each new password unique and hard to crack,” Levin said. “With any type of exposure, be extra careful of cyber thieves that look to harp on news to take advantage of consumers. Be cautious of shared links and news about the bug.”

ABC News’ Susanna Kim contributed to this report.

You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus