Reports Reuters on April 16, via MSN News: “Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the ‘Heartbleed’ bug to steal taxpayer data from a government website… In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week that about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site.”
The teen, identified as London, Ontario resident Stephen Solis-Reyes, now faces criminal charges of “unauthorized use of computer and mischief” in relation to compromised data. Essentially, the Solis-Reyes used Heartbleed to tap into the Canadian “IRS” as it were, stealing personal data.
“It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug,” Canadian police said in a statement.
The Heartbleed bug was an error in the code for OpenSSL, a technology used by two-thirds of the Web's servers to keep sensitive data secure. Heartbleed could be used to easily circumvent OpenSSL and quickly gain access to user data, including their passwords.Because of the hack, the CRA actually shut down its web site completely last week after the vulnerability was discovered. Solis-Reyes also singlehandedly pushed back Canada's tax-filing deadline from April 30 to May 5.
The Heartbleed bug makes it possible for hackers to retrieve code from websites and other online services, granting them access to information ranging from personal information, to locator information, to banking and credit card numbers.