Social network Tumblr has urged its users to change their passwords after it emerged that a newly discovered bug dubbed “Heartbleed” has made data on many of the world’s major websites vulnerable to theft by hackers.
The bug — which represents one of the most serious global security flaws revealed in recent years — makes it possible for hackers to retrieve code from websites that would give them access to other information, including user data and passwords.
“The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit,” Tumblr said in a statement on Tuesday.
Since news of the security flaw reached the public domain late on Monday, thousands of websites have been reviewing their servers to see if they were using vulnerable versions of a type of software known as OpenSSL.
“This might be a good day to call in sick and take some time to change your passwords everywhere — especially your high — security services like email, file storage, and banking, which may have been compromised by this bug,” Tumblr added.
The Yahoo-owned social network says it has taken action to fix the security flaw, adding that it has no evidence that its user data have in fact been breached by the Heartbleed bug.