Norwegian telecommunications giant Telenor urged its customers to change their passwords on Thursday, saying it has upgraded its security systems. The security flaw known as ‘Heartbleed’ has exposed major internet services globally to the risk of user information theft.
Heartbleed is a bug in OpenSSL, an online encryption security service designed to protect personal information against hacking and fraudulent use. OpenSSL has been on the market since 2012 and is widely used, reported newspaper Dagens Næringsliv. Experts said the fault has been there the whole time, exposing passwords and other information. Attacks are traceless, so consumers may have had private information stolen without realizing.
Norway’s National Security Authority (Nasjonal sikkerhetsmyndighet, NSM) instructed all online services that may have been compromised to upgrade their security. Norwegian Broadcasting (NRK) reported websites had to upgrade their software first, then users should change their passwords. If passwords were changed before the hole was sealed, the information remained vulnerable.
“We have now upgraded our online services to close the vulnerability in OpenSSL,” said Telenor Norway’s security director, Hanne Tangen Nilsen. “On our services it’s now safe to follow the Norwegian authorities’ advice to change passwords.”
NRK reported large Norwegian banks including DNB, Nordea, Skandiabanken, Sparebank1 and Eika weren’t affected by the security breach.