“A US regulator has warned that cyber criminals could be impersonating bank services or stealing users’ online banking passwords after the “Heartbleed” bug, called one of the most significant breaches of internet security ever, was discovered in the software used to secure two-thirds of the web.”
“The Federal Financial Institutions Examination Council said on Thursday that banks using the OpenSSL software should take steps to protect themselves by upgrading the software as soon as possible to address the vulnerability.”
“The regulator also suggested that financial institutions should consider replacing all the private keys for each service, which hackers could have stolen and used to access confidential information. Banks relying on third parties should also ensure their providers took action, it said.”
“A significant vulnerability has been found in OpenSSL that could allow an attacker to decrypt, spoof, or perform attacks on network communications that would otherwise be protected by encryption,” it said in a statement.
“Attackers could potentially impersonate bank services or users, steal login credentials, access sensitive email or gain access to internal networks. Potential attacks are made feasible by the public availability of exploitation tools.”
“The Heartbleed bug may have allowed cyber criminals to access anything stored in a computer’s short-term memory, from user passwords to intellectual property.”
“It is not known if hackers exploited the vulnerability before it was discovered by a group of security researchers last week. But since it was announced on Monday, experts have said cyber criminals will be racing to find which sites are still vulnerable because they have not updated their software.”
Read full Financial Times article here.