Heartbleed: Canada Revenue Agency and Mumsnet become first victims of OpenSSL




Hackers have used the recently discovered OpenSSL security flaw, codenamed Heartbleed, to steal data from the Canada Revenue Agency (CRA) and Mumsnet networks.

CRA commissioner Andrew Treusch confirmed the breach in a public statement, revealing as many as 900 taxpayers' details have been compromised.

"Regrettably, the CRA has been notified by the Government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period," read the advisory.

"Based on our analysis to date, social insurance numbers of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability."

Heartbleed is a flaw in the OpenSSL implementation of the transport layer security (TLS) protocol. The security vulnerability, as discussed in the video below, was discovered by researchers with a Finnish company called Codenomicon earlier in April.

The flaw has caused concern within the security community as the OpenSSL encryption protocol is used by open-source web servers such as Apache and Nginx, which host 66 percent of all websites.

The Mumsnet network also confirmed falling victim to an attack targeting the Heartbleed vulnerability in an email to users, obtained by V3.

"On Thursday 10 April we at Mumsnet HQ became aware of the bug and immediately ran tests to see if the Mumsnet servers were vulnerable. As soon as it became apparent that we were, we applied the fix to close the OpenSSL security hole (known as the Heartbleed patch). However, it seems that users' data was accessed prior to our applying this fix," the email said.

"On Friday 11 April, it became apparent that what is widely known as the 'Heartbleed bug' had been used to access data from Mumsnet users' accounts."

Both the CRA and Mumsnet have installed a fix from the OpenSSL Project that plugs the Heartbleed flaw, but recommended users change their passwords as soon as possible to protect themselves from follow-up attacks.

Data breaches are an ongoing issue for businesses across all industries. Security firm Symantec reported earlier in April that hackers compromised more than 552 million web users' identities over the past year.



yea we could not file our taxes online for a few days here....the online services were all shut down for 5 days
