One year after the massive security flaw, Heartbleed, was revealed to the public, a new study found that up to 74 percent of companies in the Global 2000 are still vulnerable to being hacked via the bug.
The flaw grabbed widespread media attention when it was revealed in 2014, and made countless businesses scramble to fix their servers. But a study released this week by Venafi, a Salt Lake City, Utah-based cybersecurity firm, shows those efforts were not always enough.
Cybercriminals can still exploit the vulnerability to gain usernames and passwords as well as sensitive business and financial data, the study found.
"Heartbleed is still prevalent," said Josh Abraham, vice president of services at Austin, Texas-headquartered Praetorian, a cybersecurity company that helps organizations minimize risk. Heartbleed affects OpenSSL, software that allows websites to communicate information securely over the Internet.
Venafi compared historical vulnerability scans for Global 2000 businesses over the past year and found that 1,223 companies in the Global 2000 were still potentially vulnerable to the bug. In addition, from August 2014 to April 2015, the scans found only 2 percent more companies (from 387 companies to 419 companies) had completed their Heartbleed fixes.
A separate study by researchers from Northeastern University, Stanford University and the University of Maryland, released in November, also found that more needed to be done by businesses to fix the Heartbleed vulnerability.