Heartbleed bug 'could affect 50% of websites'

The padlock logo indicates that a company is using the OpenSSL security programme Credit: Tim Goode/EMPICS Entertainment

Around half of all websites are vulnerable to a security glitch which may allow hackers to access passwords and possibly financial information, a tech expert has told ITV News.

The Heartbleed bug affects OpenSSL, the product which puts a small padlock symbol on a website to reassure customers and users that their data is safe.

There have been warnings that people should "change all of their passwords" to secure themselves against the possible threat.

Mike Butcher, the editor of TechCrunch Europe, warned that smaller firms may not know they are vulnerable.

The risks are that an attacker could get at the server that runs a website to spit out its secret keys, allowing them to read to any encrypted communication. It means they can steal passwords and even financial information. About 50% of websites globally are vulnerable. Major companies are almost certainly aware but small companies running small sites may not be. And there are many of those. Even big companies are scrambling to patch up this bug.

Fortunately, Finnish security firm Codenomicon has already set up a dedicated website to help users and companies protect themselves against the new threat.

Another site, LastPass, has a 'Heartbleed Checker' that lets a user type in a web address to see if a site is at risk from the bug.

Big firms including Facebook,Twitter and Instagram have already released statements to reassure their users that they are upgrading their defences against hacking.

Instagram said they had found "no evidence" of any attempted data theft, while Facebook said they had not seen "any signs of suspicious account activity".

Other firms, such as jobs networking site LinkedIn, said they had not used OpenSSL in the first place and were therefore not at risk.