Skip to main content

Surprise, surprise: The NSA allegedly exploited the Heartbleed Bug for years

Heartbleed is like a knife to the heart of as many as two thirds of all sites

The US National Security Agency reportedly took advantage of the vulnerability that has come to be known as the Heartbleed Bug long before the exploit was made public.

The NSA used Heartbleed "to gather critical intelligence," Bloomberg reports.

The publication says a pair of people "familiar with the matter" revealed to the NSA not only know about Heartbleed for years, but used it to its advantage as well.

Allegedly the agency kept the exploit secret, endangering the online security of millions of people, so that it could continue using it to gather passwords and other types of data.

He who denied it

The oft-assailed NSA has actually bothered to issue a statement over this, tweeting that it learned of Heartbleed at the same time everyone else did.

"Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public," the agency said.

Judging by other Twitter users' replies - "As if," "LOL," "Rrrrrriiiiiiiggggggghhhhhttttt," etc. - it seems some aren't satisfied by that answer.

Bleed your heart out

Heartbleed is a widespread security flaw that is said to affect as many as two thirds of all websites.

Given everything the NSA has been accused of over the last year or so, it's not surprising to learn that the agency may have used this exploit as well to gain access to internet users' private data.

Recall reports late last year that said the NSA paid millions of dollars to the security company RSA to purposely insert a backdoor in its software, giving the NSA access to otherwise secure data.

Tsk, tsk. To stay in the know, head here for a list of websites affected by Heartbleed that's constantly being updated.