For the past 2 years there has been a security bug that has been a threat to everyone that uses OpenSSL (open-source cryptographic software library) for their website, which is almost every website. This security bug called Heartbleed, left an opening for anyone to enter a site and take whatever information they want and leave no trace of evidence that they were there. A Google researcher found the bug. This is a very high risk since there is no way to figure out how many people have done this and to how many websites that have been attacked.
Some of the services that were affected are Gmail, Facebook and any site that has http at the beginning. There has been a fix already for the problem and most sites have been updated. The best thing to do is to change your passwords for any site that you may have that uses this security since there is no way to find out if it has been taken. The site https://lastpass.com/heartbleed/ can help you to check any website that you are unsure of it they have updated their servers.
This is very surprising that the most popular security service had an issue for two years and it wasn’t found till someone outside the company reported it. I think something this big and important should not go unpunished and the company should be fined for their negligence of the problem. There should be an investigation to see if this was done on purpose for the government or if it was an inside job to steal people’s information. This is a big inconvenience for everyone because we all know how hard it is to remember passwords and now we have to create and remember new ones.