The First Wave of Heartbleed Attacks Have Struck

Heartbleed, which sounds more like an emo band than serious security vulnerability, is feverishly plaguing the internet with discussions about possible catastrophic outcomes and stirring fear into the hearts and minds of those who are watching it unfold. But unlike the fictitious screaming musical outfit threatening to make your ears and heart hurt with feelings, Heartbleed has actually been exploited.

But first, what’s Heartbleed? It’s a little complicated, so here’s an 8-minute video that breaks it down.

Still confused? Reddit user psujimblue breaks it down even further, explaining it like you’re five-years-old.

Unfortunately, the first wave of attacks have already taken place. Canada’s Revenue Agency recently announced that over 900 social insurance accounts had been stolen over a 6-hour breach. In response, they took down their public server and announced that they would beef up their security as well as mail those who were affected.

But that’s not all. This vulnerability not only affects websites but smartphones, too. Even though Google released a patch for its Android OS, version 4.1.1 (best known as Jellybean) still remains vulnerable, which could mean the theft of private data for millions of smartphone users.

As more reports of vulnerabilities sprout left and right, a hero emerges from the University of Texas: dubbed “Red Herring.” Red Herring creates a “virtual honeypot,” a fake server trap that lures potential hackers into believing that they have accessed the Heartbleed vulnerability, but instead, it hooks on to those perpetrating the site and monitors analyzes, and traces their activity right to the source.