If more clear evidence were needed that cybercriminals are watching – and using – the Heartbleed bug, here is the sad case of an internet user who mocked the bug only to have his accounts hacked.
A poster on a Washington Post story challenged Heartbleed hackers to use the bug to access online accounts such as Facebook and Twitter, and “within minutes” they had obliged. The poster had said that the fears over the bug were overblown.
The anonymous user posted two passwords online, according to The Telegraph’s report, and challenged criminals and experts to break into his online ‘life’’. He said, “Two years already the thing has been running loose … and not a word of someone crying over its damage.”
More daringly, he challenged hackers to “sneak into my WaPo, NYT or CNN accounts and go crazy making comments in my name. Break-into my Facebook or Twitter profiles and change my hometown to Gas City Indiana, swap-out my avatar with a picture of your nads, make friends with people I don’t know.”
The anonymous user – he would not reveal his real name after his Twitter, WordPress and other accounts were hacked – found that the Heartbleed hackers did so rapidly, with his Twitter account used to post statements such as “I am really stupid,” amongst other things including his wish to live in Gas City Indiana on Facebook being honored.
Some commenters said that he deserved his punishment – others questioned whether any real user would do such a thing.
The Post commented, “It’s possible that this is a hoax — somebody set up fake accounts on these various services and deliberately hijacked them to manufacture a story from nothing. But the lesson is no less valid: Share your credentials online, and you won’t have to worry about getting hacked — you’ll have done all the hard work for the criminals.
Author Rob Waugh, We Live Security