You’ve probably heard a bit about the Heartbleed security flaw in the OpenSSL protocol that was recently exposed. The back door had apparently left dozens of public companies open to exploit, including sites you probably use every day, like your bank, social networks such as Facebook and Instagram, and more.
Now, a report from Bloomberg suggests that the NSA may have actually used the Heartbleed exploit to enter into public companies and gather private data. Bloomberg said Friday that the NSA knew about the major security flaw in OpenSSL and, instead of warning anyone against it, kept it secret to use as its own backdoor.
“The agency found the Heartbleed glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks,” Bloomberg said, noting that the NSA regularly seeks out these sort of vulnerabilities so that it can gain entrance into other computer systems as needed. Another expert speaking to the news outlet said that the NSA’s actions are probably going to come under heavy scrutiny, because the agency is supposed to put “defense first” but instead opted to leave the hole open and unreported.
One has to wonder if the NSA used this to enter into Facebook, Microsoft, Apple and other major tech firms the NSA penetrated, according to leaks provided by Edward Snowden in 2013. So far it’s only apparent that the NSA knew about Heartbleed and used it, but whether or not it used it against United States companies is currently unknown.