A new security bug has been found in OpenSSL,the cryptographic library that secures most of the internet's websites, and Yahoo is one of the of the most well-known domains known to have been compromised.
Security researchers are very concerned as the bug - dubbed Heartbleed - has been around for two years and affects encryption of data sent over the internet, meaning users' passwords and other sensitive data are open to being spied on.
Other websites featured on the top 1,000 websites list compiled by Mustafa Al-Bassam(a former member of the LulzSec hacker collective who is now a computer science student) include popular websites like Imgur, Flickr, OKCupid, WeTransfer, Eventbrite, Web.de, Outbrain, Stackexchange and Kickass Torrents.
It will be difficult to discover if or when you have been compromised as attackers are able to exploit the flaw without leaving any trace of their presence.
OpenSSL is the software library used in servers, operating systems, email and instant messaging systems to protect internet traffic as it travels back and forth. More than 53% of the web servers which host more than 500 million websites use the software which relies on OpenSSL
(Source: NetCraft)
Discovered
The bug was first brought to light by security firm Codenomicon, who attempted to attack their own servers:
