• News
  • NBC News NOW
  • Nightly News
  • Meet the Press
  • Dateline
  • MSNBC
  • TODAY
  • Impeachment Inquiry
  • Politics
  • U.S. News
  • Business
  • World
  • Tech & Media
  • OPINION
  • Health
  • Sports

  • Share this  —

Sections

  • U.S. News
  • Politics
  • World
  • Local
  • Business
  • Health
  • Investigations
  • Culture Matters
  • Science
  • Sports
  • Tech & Media
  • Decision 2020
  • In Focus
  • Photos
  • Weather
  • Shopping

TV

  • Today
  • MSNBC
  • Nightly News
  • Meet The Press
  • Dateline

Featured

  • NBC NEWS NOW
  • THINK
  • BETTER
  • NIGHTLY FILMS
  • NBC LEFT FIELD
  • ASIAN AMERICA
  • NBC LATINO
  • NBCBLK
  • NBC OUT
  • STAY TUNED
  • SPECIAL FEATURES

More from NBC

  • CNBC
  • NBC.COM
  • NBC LEARN
  • Peacock Productions
  • Next Steps for Vets
  • Parent Toolkit
  • NBC Archives
  • Know Your Value

Follow NBC News

  • Facebook
  • Twitter
  • Email
  • SMS
  • Print
  • Whatsapp
  • Reddit
  • Pocket
  • Flipboard
  • Pinterest
  • Linkedin

Security

Hackers Use Heartbleed Bug to Attack 'Major Corporation'

Image: A lock icon, signifying an encrypted Internet connection
Researchers announced on April 7 that they have uncovered a security bug in OpenSLL dubbed Heartbleed.MAL Langsdon / Reuters

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
SUBSCRIBE
April 18, 2014, 11:35 PM UTC / Updated April 18, 2014, 11:35 PM UTC

Hackers took advantage of the Heartbleed vulnerability to break into a major corporation’s network, less than a day after the bug was brought to the public’s attention, security experts told The New York Times.

Officials with Mandiant, an Alexandria, Va.-based network security firm, said in a blog post Friday that a hacker or hackers leveraged the Heartbleed bug to break into an employee’s virtual private network, or VPN.

“Once connected to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization,” Mandiant said.

Researchers announced on April 7 that they have uncovered a security bug in OpenSLL dubbed Heartbleed.MAL Langsdon / Reuters

Mandiant didn’t identify the company by name, but a Mandiant investigator told the Times it is a “major corporation.”

The attack occurred on April 8, just one day after the Heartbleed bug became public knowledge. Officials are still assessing what, if any, damage was caused by the hack, the Times said.

Heartbleed is a serious security flaw in OpenSSL, the software that a huge number of websites use to encrypt and transmit data. Hackers exploiting the bug can gain access to sensitive private information such as usernames and passwords.

To date, much of the discussion about Heartbleed has focused on an attacker using the vulnerability to steal private encryption keys from a Web server. The case cited by Mandiant exposed another danger: the potential for hijacking user sessions while employees are logged on to a corporate network.

The Mandiant case is one of the first known attacks involving Heartbleed. Earlier this week, Canadian police charged a 19-year-old man in connection with exploiting the bug to steal taxpayer data from a government website.

— NBC News

  • About
  • Contact
  • Careers
  • Privacy policy - New
  • Do Not Sell My Personal Information
  • Terms of Service
  • NBCNews.COM Site Map
  • Advertise
  • AdChoices

© 2019 NBC UNIVERSAL