You're being asked to change all of your passwords to protect yourself from the "Heartbleed Bug"
The breakdown affects encryption technology that is supposed to protect online accounts for emails, instant messaging and a range of e-commerce. Security experts are advising people to change all their online passwords -- but only after Internet services affected by Heartbleed install software released yesterday to fix the problem.
But changing all of your passwords can be cumbersome, never mind confusing in some cases.
But the password security firm LastPass has set up a website for you to check which sites have been compromised.
You can check it out here.
The Heartbleed Bug came to light after the Canada Revenue Agency temporarily cut off public access to its electronic services over security concerns, preventing Canadians from being able to file their taxes online.
In a statement posted on its website, the CRA says it has temporarily shut down public access to its online services to safeguard the integrity of the information it holds.
The affected services include EFILE, NETFILE, My Account, My Business Account and Represent a Client.
It says it's working to restore safe and secure access as soon as possible.
Computer security experts warn the Heartbleed threat went undetected for more than two years.
They say it has exposed millions of passwords, credit card numbers and other sensitive bits of information to potential theft by computer hackers.
Meanwhile, researchers are advising people to change all of their passwords.
The flaw was discovered independently in recent days by researchers at Google Inc. and the Finnish security firm Codenomicon.
The breach involves SSL/TLS, an encryption technology marked by the small, closed padlock and ``https:'' on Web browsers to signify that traffic is secure. With the Heartbleed flaw, traffic was subject to snooping even if the padlock had been closed.
The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.
Tech Analyst Carmi Levy joins Moore in the Morning to explain why Heartbleed could be one of the biggest web security threats in recent years and says you should change your internet passwords as soon as possible...
Researchers at Codenomicon say that OpenSSL is used by two of the most widely used Web server software, Apache and nginx. That means many websites potentially have this security flaw. OpenSSL is also used to secure email, chats and virtual private networks, which are used by employees to connect securely with corporate networks.
Despite the worries, Codenomicon said many large consumer sites don't have the problem because of their ``conservative choice'' of equipment and software. ``Ironically smaller and more progressive services or those who have upgraded to (the) latest and best encryption will be affected most,'' the security firm added.
A fix came out Monday, but affected websites and service providers must install the update.
Yahoo's Tumblr blogging service uses OpenSSL. In a blog post Tuesday, officials at the service said they had no evidence of any breach and had immediately implemented the fix.
``But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit,'' Tumblr's blog post read. ``This might be a good day to call in sick and take some time to change your passwords everywhere _ especially your high-security services like email, file storage, and banking, which may have been compromised by this bug.''
Yahoo Inc. said its other services, including email, Flickr and search, also have the vulnerability. The company said some of the systems have already been fixed, while work is being done on the rest of Yahoo's websites.
The company reiterated its standard recommendation for people to change passwords regularly and to add a backup mobile number to the account. That number can be used to verify a user's identity if there are problems accessing the account because of hacking.