In what’s sure to be the first of many to come, a 19-year-old Canadian man was arrested for exploiting the Heartbleed bug to lift taxpayer data from a government website, making this the first official Heartbleed-related arrest. According to the Canada Revenue Agency (CRA), the suspect, Stephen Solis-Reyes lifted at least 900 social insurance numbers by exploiting the Heartbleed vulnerability.
While the agency has yet to determine whether or not that was the extent of the theft, Solis-Reyes is being charged with unauthorised use of computer and mischief in relation to data.
Since Heartbleed is undetectable by definition, this arrest raises the question of how exactly he was caught. Maybe he was using the data he stole, but the details aren’t clear so far. What’s more, we also have no idea whether the exploit happened before or after the bug went public. Either way, it’s highly unlikely this is going to be an isolated case. So if you haven’t already, please, let this be a reminder — change your damn password. [Reuters]