UPDATE 2-American Funds urges password change to counter 'Heartbleed' bug

Wed Apr 16, 2014 3:38pm EDT
 
Email This Article |
Share This Article
  • Facebook
  • LinkedIn
  • Twitter
| Print This Article | Single Page
[-] Text [+]

(Adds comment from security expert, detail on Akamai connection)

By Jim Finkle and Ross Kerber

BOSTON, April 16 (Reuters) - American Funds, the No. 3 U.S. mutual fund family, advised some customers to change user names and passwords on Wednesday as the number of companies and people affected by the notorious "Heartbleed" bug grows.

The company sent emails to some 825,000 clients, saying they had been exposed to "a very narrow window of risk" related to "Heartbleed," which has been described as the biggest computer security threat since the mass adoption of the Internet.

American Funds also advised customers who logged into Americanfunds.com from Dec. 12, 2013 to April 14 to create new security questions and delete their browsing history.

Heartbleed refers to a security bug in software known as OpenSSL used in about two-thirds of all websites and many other technology products. Hackers have created malicious software that exploits the bug, allowing them to attack vulnerable websites and steal data.

Dan Guido, chief executive of cybersecurity startup Trail of Bits, said more warnings are likely because no company will want to be remiss in trying to protect customers.

"I expect to see a lot more of this," Guido said.

On Tuesday, Canada's Tax authority became the first major organization to report an attack related to Heartbleed, and more are expected. Canadian police on Wednesday charged a 19-year-old man in connection with exploiting the bug to steal taxpayer data.   Continued...