Report: NSA exploited Heartbleed for years

After recent revelations about the existence of Heartbleed security flaw in OpenSSL encryption, Friday afternoon, Bloomberg reported that the National Security Agency has been aware of and actively exploiting the Heartbleed bug for at least two full years, citing "two people familiar with the matter."

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations' intelligence arms and criminal hackers.

However, the National Security Agency denied to have been aware of the bug.

"NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong," the agency said in a statement to NBC News.

Web services have scrambled since the revelation of Heartbleed to fix the bug. Several companies including Facebook, Google and Yahoo have confirmed they are clear. Most recently, Apple confirmed to Re/code its services like iOS and Mac OS X were not impacted.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules