While most major services you use like Facebook, Google, Yahoo, Twitter and others have likely (and hopefully) patched up any security holes at risk from the Heartbleed bug, U.S. regulators are warning banks to update their systems as well, and quickly.
The Federal Financial Institutions Examination Council says the Heartbleed encryption bug could’ve allowed hackers to access the private encryption keys to banks’ servers, potentially giving them access to your personal information, reports the Wall Street Journal.
The Federal Deposit Insurance Corp. is a member of the council, and said it isn’t aware of anyone using the Heartbleed flaw to attack, but banks should pretty much know they’re big targets for a breach. You know, what with all that financial information and money they deal with.
Some banks have responded to the Heartbleed brouhaha, saying they’re checking their systems and haven’t found any breaches.
“Bank of America has experienced no issues as a result of the Heartbleed Bug, and has determined our sites are not vulnerable,” a spokesman told the WSJ.
Citigroup says the bank’s “initial assessment indicates it has not impacted our retail banking or credit card websites, and we are taking appropriate steps to safeguard all of our websites.”
A Wells Fargo spokeswoman said the “vulnerabilities associated with Heartbleed have had no impact on the safety of banking online with Wells Fargo.”
The alert focused more on the internal passwords and systems used by bank employees, rather than warning bank customers that their accounts could’ve been compromised.
Again, if you haven’t changed your passwords yet (check this handy list from Mashable of which ones you definitely need to change) you should. And don’t use the same password across numerous sites, if you can avoid it.
U.S. Regulators Tell Banks to Plug ‘HeartBleed’ Security Hole [Wall Street Journal]