NSA deny knowing about the Heartbleed bug

The National Security Agency (NAS) have denied that they were aware of the Heratbleed bug before the security flaw was made public.

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report.

The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services.

If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

– Spokesperson Caitlin Hayden, US National Security Council

The denial follows claims the NSA had known about the flaw for up to two years.

Advertisement

Heartbleed hack steals data from Mumsnet

The leading UK site for parents has had users data compromised by hackers then using 'Heartbleed' exploit. Technology firms have urged the public to change passwords amid fears the Heartbleed bug could leave sensitive data vulnerable to hackers.