Member-supported news for Southern California
Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations
Support for KPCC comes from:

'Heartbleed' could be why your credit card data was stolen

Ways to Subscribe
SAN FRANCISCO - FEBRUARY 25:  Visa credit cards are arranged on a desk February 25, 2008 in San Francisco, California. Visa Inc. is hoping that its initial public offering could raise up to $19 billion and becoming  the largest IPO in U.S. history.  (Photo Illustration by Justin Sullivan/Getty Images)
Justin Sullivan/Getty Images
File photo: Visa credit cards are arranged on a desk February 25, 2008 in San Francisco, California.

"Heartbleed" is a new vulnerability that was discovered in an online protocol called SSL, which is used to encrypt data that travels across the internet...

"Heartbleed" is a new vulnerability that was discovered in an online protocol called SSL, which is used to encrypt data that travels across the internet.

For example, if you log in to Gmail or your bank, they encrypt the data so that outside folks can't read it. To simplify, what "heartbleed" lets people do is to trick a server into giving them your data, including usernames, passwords and credit card info.

The vulnerability isn't new...it's been around for about two years.

Some of the biggest sites that have been hit include Yahoo and OKCupid, but there's no word on whether big banks have been hit just yet.

It's tough to know if you've had your information stolen, and even the websites and servers wouldn't necessarily know if someone has exploited their vulnerability. So, don't rush to change all of your passwords just yet. That's because if one of the websites is still breached, those stealing the data will still be able to collect whatever new password you put in.

Make sure everything is patched before you go ahead.

If you're curious about a particular site, it's recommended that you contact them.

Kim Zetter from Wired joins Alex Cohen to discuss.

Stay Connected