Heartbleed Bug hits credit cards

A number of websites operated by Australian finance company GE Money were last week left vulnerable to hackers by the now infamous Heartbleed Bug. GE Money is recommending users of all its products, which include the Myer Visa Card, Myer Card products, Coles Mastercard and partner websites such as 28degrees Mastercard, change their passwords.

For those who haven’t heard of the Heartbleed Bug, the simplest explanation of what occurred is that a software update was released for a common piece of software found on server computers called OpenSSL, in which one of the workers forgot to close a line of code. This simple mistake left every server worldwide using Open SSL software vulnerable. It compromised the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content and allowed attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

GE Money is not suggesting that any of its services were compromised during the period between the patch to fix the bugs being implemented, but it is telling users to reset their passwords as a precaution.

A fascinating and disturbing timeline of the Hearbleed Bug, describing who found the bug, who was notified before public release of the information and which companies were vulnerable due to not being notified can be seen here.

Written by Drew

Starting out as a week of work experience in 2005 while studying his Bachelor of Business at Swinburne University, Drew has never left his post and has been with the company ever since, working on the websites digital needs. Drew has a passion for all things technology which is only rivalled for his love of all things sport (watching, not playing).