A recently discovered software vulnerability, which could be one of the biggest security threats the Internet has seen, has local banks and experts stressing the importance of changing your passwords.
Sensitive information such as credit card numbers and website passwords has been exposed after it was discovered last week that a software vulnerability known as Heartbleed had gone undetected for more than two years.
"This is one of the most severe we've seen as far as vulnerability is concerned," said Triona Guidry, president of Guidry Consulting, a Cary-based firm. "We know it's going to be widespread. It's going to take a very long time to stamp out the last of Heartbleed."
Heartbleed creates an opening in SSL/TLS – an encryption technology marked by the small, closed padlock and "https:" on web browsers to signify that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock had been closed. Interlopers also could grab the keys for deciphering encrypted data without the website owners knowing the theft had occurred, according to security researchers.
While it isn't yet clear who has fallen victim to the vulnerability, some of the larger websites such as Google, Yahoo!, Amazon and Netflix already have confirmed they were affected. A list of some common sites and whether they were affected can be found at http://shawurl.com/13xk.
Before consumers change their passwords, each affected site needs to update its servers with a security patch, which many already have done, Guidry said.
Guidry said it's too early to determine the extent of the damage caused by Heartbleed, but it likely will have lasting effects in the foreseeable future.
"I think we're still assessing the damage," she said. "I think a lot of companies are still evaluating to see how vulnerable they are."
Guidry added that now is a good time to change your passwords regardless of whether your account is vulnerable to Heartbleed. Strong passwords are 12 characters long and have a combination of numbers, letters and symbols, she said. And each account should have its own unique password.
"Think of it as more of a pass phrase than a password," Guidry said. "Don't use common dictionary words. If you have a plain text password, it can be very easy to exploit."
Crystal Lake Bank and Community Trust sent out a message on its social media accounts last week encouraging customers to keep their online accounts safe by using strong and unique passwords. The bank also said its systems are closely monitored for vulnerabilities, and it has taken steps to ensure customer information is secure.
Steven Finzel, president and CEO of Golden Eagle Community Bank in Woodstock, said that while his bank doesn't use OpenSSL encryption and isn't vulnerable to Heartbleed, it's still important to closely monitor your accounts and frequently change your passwords.
"It's a never-ending risk these days," Finzel said. "You need to stay proactive. Track your account activity regularly."
• The Associated Press contributed to this report.