On Friday, Bloomberg ran a damning report about the National Security Agency knowingly exploiting the two-year-old Heartbleed bug as part of its surveillance efforts. The NSA has shot back, denying such allegations, according to Mashable.
“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” an NSA representative told Mashable. “Reports that say otherwise are wrong.”
Made public earlier this week, Heartbleed is a bug in the OpenSSL encryption, affecting about two-thirds of the Internet’s websites. It’s said to be the most devastating vulnerability in Internet history, one that’s impacted tech giants including Google, Facebook, Yahoo, Amazon, Juniper, and Cisco.
Citing two anonymous sources, Bloomberg’s report said the NSA discovered Heartbleed soon after its introduction, and used it to obtain passwords and other data while leaving millions of users vulnerable.