Bloomberg is reporting that the Heartbleed bug, which shocked the web security community this week, has been known and actively exploited by the National Security Agency for at least two years. According to two anonymous sources familiar with the matter, the bug was kept secret in the interest of national security, while the agency used it to obtain passwords and other data. Since the bug was first committed in 2012, the report suggests the NSA maintained access for essentially the entire lifespan of the bug. The revelation implicates many services that were protected against the initial leak, including Google Mail and Amazon Web Services, since their protection against Heartbleed only dates back to a patch released last week.
Comments are closed.
