Bleeding Hearts Online: How the “Heartbleed” Bug Affects Online Gamblers
Posted: April 9, 2014
Updated: October 4, 2017
Heartbleed poses a threat to the entire spectrum of internet users, and if you gamble online, it could make your credit card numbers and bank account information vulnerable to identity theft.
The recently discovered “heartbleed” bug has created a minor panic in the tech and iGaming communities. Heartbleed is a bug embedded in web encryption technology which can make data stored on many websites vulnerable to hackers, Reuters reports. This has serious implications for the internet gambling industry because players store their credit card and bank account information with online casinos in the UK, Canada, US and elsewhere. If your casino of choice uses OpenSSL to store information, you could be at risk of identity theft. Let’s take a look at the details surrounding heartbleed:
What is it?
The bug in OpenSSL 1.0.1, nicknamed “heartbleed,” undermines the web encryption tools used by many sites, including Yahoo and its numerous branch sites. The bug was discovered in the encryption program OpenSSL by researchers with Google and the security firm Codenomicon. According to a statement from Amazon, which has been potentially compromised by the bug, it allows hackers to “identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.”
• The OpenSSL bug referred to as “heartbleed” was recently discovered by researchers at Google and the web security firm Codenomicon
• Heartbleed makes information stored by hundreds of millions of websites vulnerable to hackers
• Users are advised to avoid using the internet for a few days as well as change their passwords and delete their browsing history
Making matters worse, victims can’t tell if their information has been accessed, and the bug is believed to have existed for two years, leaving a large window of information which could be vulnerable. OpenSSL is the web’s most commonly used encryption program, and according to Netcraft’s survey of almost 1 billion websites, it is used by 66 percent of them. This means that almost any information you’ve shared over the web within the past two years could conceivably have been accessed by hackers:
“Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL.”
Bugs are common and are usually fixed by each new version of the software program in question. Heartbleed is special, however, due to the amount of information it makes vulnerable to hackers and how long it has been in existence. Codenomicon (which uses OpenSSL) hacked themselves in order to gauge the depth of the program and deemed the threat posed by heartbleed to be serious: “After seeing what we saw by “attacking” ourselves, with ease, we decided to take this very seriously.” Programmer Scott Galloway told CNET how easy it was for him to access encrypted Yahoo passwords: “Ok, ran my heartbleed script for 5 minutes, now have a list of 200 usernames and passwords for yahoo mail…TRIVIAL!”
What is being done about it?
Yahoo worked quickly to repair its encryption system and has now been deemed safe. A new heartbleed-less version of OpenSSL has been released, but it still has to be adopted by the countless websites which are still using technology infected with the bug. Given the gargantuan number of sites using OpenSSL, the total switchover to the new version will take some time. That means that your information can still be vulnerable, and you should take steps to protect your passwords and credit card numbers. If you use internet or mobile betting sites, find out if the site uses OpenSSL. Cryptology consultant Filippo Valsorda has developed a program (http://filippo.io/Heartbleed/) to test if a website is vulnerable to heartbleed.
Heartbleed’s effect on online gambling sites
Security experts recommend that you stay off of the internet for 2-3 days while the bug is worked out and sites make repairs, but this is unrealistic for most people. You should change all of your passwords and if you continue to use the internet, make sure that you delete your browsing history and don’t allow sites to remember your password. You should also check your bank statement every 12 hours to make sure that funds haven’t mysteriously disappeared. If they have, you can bet that heartbleed is the culprit.
If you gamble or use online sportsbooks in Canada, the UK or anywhere else, don’t underestimate this threat. We recommend that for your online activities you use a PayPal account rather than your ordinary bank account. This limits your financial exposure to threats like heartbleed. With regard to your online gambling or betting account, follow the steps mentioned above. Also, you should absolutely take a break from gambling online until your casino informs you that the threat has been fixed.