Update: An account associated with the NSA tweeted out a quick denial: “Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.” So, either Bloomberg was misled, misunderstood their information, or the NSA is lying. [A caveat: The Twitter account in question is being treated by the larger world as legitimate, but remains unverified by Twitter itself.]
Update 2: See bottom of post for full NSA statement. Source one, two.
This afternoon Bloomberg reported that the National Security Agency (NSA) knew about the now infamous Heartbleed flaw in OpenSSL, and that it used the weakness to collect intelligence.
It is not clear if the NSA used Heartbleed to collect information regarding citizens in the United States, so this issue may not concern privacy like so many other revelations regarding the agency have. Instead, the idea is that the NSA was reportedly aware of the issue, and chose to exploit the exploit rather than helping the larger technology community quickly.
In short, The NSA essentially decided that its own intelligence efforts were more important than the security of your information.
In the ensuing few days since the Heartbleed weakness has been exposed, companies and services large and small have rushed to patch their systems, change their cryptographic protections, and alert their users to change their passwords. This situation could have been ameliorated, if not avoided altogether.
The NSA’s reputation inside of the technology world has been long-suffering, especially in the wake of efforts to weaken encryption by inserting back doors, and its efforts to tap the cables between data centers of large, popular technology firms. This will not help.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Making the average person understand the extent of the NSA’s actions has been difficult — some don’t get, or simply don’t care, about their digital privacy — but to deliberately ignore a known flaw that could put every member of your family at risk? That’s easier to grasp.
Update 2, continued:
