First Heartbleed attack reported; taxpayer data stolen
Canadian police arrest a man they say used the notorious bug to nab about 900 social insurance numbers, along with other possible data.
The Heartbleed bug has caused widespread anxiety, sent engineers scrambling into patch-mode, and likely prompted millions of users to re-invent their passwords, but so far there have been no accounts of attacks leveraging the bug… until now.
In the first known report of an attack using the security flaw, Canadian police have arrested a man who allegedly used Heartbleed to steal user data from the government’s tax Web site, according to Reuters.
Authorities discovered earlier this week that the Canada Revenue Agency (CRA) site was hacked into over a six-hour period and the Heartbleed vulnerability was exploited to nab roughly 900 social insurance numbers and possibly other information from Canadian taxpayers. artickle from CNET