Old Internet Software Bug Could Expose Your Browsing Data

Security researchers discovered a serious vulnerability in Squid, a type of software that many organizations use to manage internet traffic. The flaw, nicknamed Squidbleed, has existed for decades and works similarly to the famous Heartbleed bug from years ago.

It can allow attackers to access sensitive data that should be private. This primarily affects organizations like companies, schools, and universities that use Squid proxy servers to manage their networks. If your workplace or your child's school uses this software, your browsing activity or login credentials could potentially be exposed when using their network.

Home internet users who connect directly through their internet service provider are not affected by this specific issue. For most families, no immediate action is needed at home.

1. If you use a work computer or school network, avoid entering sensitive passwords or accessing your bank account while connected to that network until you hear that systems have been updated.
2. Ask your IT department at work or your school's technology team if they use Squid proxy servers and whether they have applied the security patch.
3. Change any passwords you regularly use on work or school networks, especially if you have reused those passwords on other sites. This incident highlights an important principle: be extra cautious about what you do on networks you don't control. Save sensitive activities like banking or entering credit card information for your home network or your phone's cellular connection. Consider using a VPN (virtual private network) when accessing sensitive information on public or organizational networks. Treat work and school computers as less private than your personal devices.