The crown jewel of secure websites is a single string of data - a very long jumble of letters and numbers and symbols that looks like gibberish. The Heartbleed bug allows hackers to crack it.
Security professionals demonstrated last weekend that the recently disclosed Heartbleed bug can be exploited to allow criminals and intelligence agencies to make off with one of the most sought-after prizes in hacking: the private keys that websites rely on to decrypt sensitive information, including passwords, banking details and health data.
At least six people were able to extract the private key of a website in a test of the bug’s viability organized by CloudFlare Inc., said Nick Sullivan, a security architect with the Internet security company. The results suggest hackers have stolen encryption keys using the bug and are planning attacks, he said.