Home / Software & Gaming / Security / The first Heartbleed hacker has been arrested

The first Heartbleed hacker has been arrested

The Heartbleed bug has been around for a couple of years but it caused quite a stir when it was publicly revealed last week. However, there had been no reports of people abusing the bug until now, a Canadian hacker has become the first person to get arrested for abusing the Heartbleed bug.

The Canadian used the bug to steal information from the government’s tax website, during the attack he managed to get his hands on 900 social security numbers as well as other tax payer information. CRA Commissioner, Andrew Treusch, gave a statement: “The CRA worked around the clock to implement a ‘patch’ for the bug, vigorously test all systems to ensure they were safe and secure, and re-launch our online services. The CRA is one of many organizations that was vulnerable to Heartbleed, despite our robust controls.”


Stephen Solis-Reyes is just 19 years old, he was taken in to custody yesterday. His computer equipment was seized and he currently faces criminal charges of unauthorized use of computer and mischief in relation to data. Around 500,000 websites were open to exploitation thanks to the Heartbleed bug, however, most websites, especially the big ones like Google, have patched the hole.

Discuss on our Facebook page, HERE.

KitGuru Says: We don’t know if Stephen Solis-Reyes did anything with the information he obtained but we will likely find out soon. 

Source: BBC, Cnet

Check Also

OnePlus addresses recent security concerns with debugging app

Last night, we learned that an engineering app left on some OnePlus smartphones could contain …

  • Rick

    Thanks for the report. It’s one thing for hackers to “play” the corporate games and help companies rip each other off in the name of financial greed, but when they are stealing directly from innocent people that is very serious. Nothing can ruin a person financially like identity theft. I hope this hacker gets at least five years federal time. A good price to pay for being dumb enough to attack a government website. Did he think the CRA, RCMP and CSIS wouldn’t have the resources to track him down?