News of the security bug first came out the previous day, April 7, after Siegrist and much of his team at LastPass, a Password security company, had already left the ****** for the day. It wasn't until the following morning they learned Heartbleed potentially allowed attackers to extract 64 kilobyte batches of memory at random.
"That is significantly worse than most bugs that occur," Siegrist, CEO of LastPass, told Mashable. "You don't k**w what exactly was in the payload of those Heartbleed messages: It could be user names and passwords. It could be financial data. It could be the SSL certificate, which is especially bad." Read more...