Hackers who exploited the infamous Heartbleed bug stole data from a UK parenting website and the Canadian tax office.
According to Mumsnet, which has 1.5 million registered members, passwords and personal messages may have been stolen before the necessary patches were applied. The Canada Revenue Agency has also announced that 900 social security numbers were stolen from it.
These are the first confirmed "victims" of Heartbleed. As Mumsnet founder Justine Roberts told the BBC, it became apparent that user data was at risk when she found that the username and password had been used to post a message online.
"On Friday 11 April it became apparent that the bug known as Heartbleed was used to gain access to Mumsnet user account data," reads an email sent to members of the site. "We have no way of knowing which members were affected by it. The worst case scenario is that access to each account's data has been gained."
According to Roberts, the hackers who carried out the attack told the site's administrators that it was linked to Heartbleed and that the company's data was not safe.
The Canadian agency, for its part, was one of the first major organizations to shut down its online services because of the security flaw in OpenSSL, which is used to secure communications.
"Unfortunately, the CRA was briefed by the Canadian security services on a malicious tax fraud, which took place within six hours," said a message on its website.
"Based on our analysis so far, social security numbers of around 900 taxpayers have been stolen from CRA systems by someone who has exploited Heartbleed."
Other systems that are thought to have been affected by Heartbleed are Imgur, OKCupid, Eventbrite, and the FBI website.
According to a report in the Guardian, Heartbleed also poses a risk to consumer devices such as smartphones, routers and others. As the report points out, the risk ranges from data theft all the way to taking control of a device. Cisco has announced that some of its products are vulnerable to Heartbleed, including desktop phones, video conferencing software and VPN software.