China websites scramble to fix "Heartbleed" bug

Leading Internet companies in China have taken steps to thwart a "Heartbleed" bug that allows hackers to unlock encrypted data and access sensitive information.

Chinese e-commerce company Alibaba announced on Wednesday that it had fixed the problem and online users could access its websites as usual on Sina Weibo, China's Twitter.

Tencent, the country's biggest Internet firm, said measures had been taken to safeguard information of their services, including e-mail and popular mobile messaging platform WeChat.

JD.com, one of China's three leading business-to-customer retailers, said it had fixed the problem and no theft of credit card numbers had been reported so far.

Web encryption program OpenSSL is widely used to protect passwords, credit card numbers and other sensitive data sent through the Internet, but the newly-discovered bug in it has gone undetected for about two years.

Testing by China National Vulnerability Database showed some major Internet companies home and abroad, which provide services like e-mail, online payment or live chat, have been vulnerable.

Cyber attacks by hackers, who are taking advantage of the flaw, have already appeared. A surge in such attacks could be expected soon, warned Wang Minghua with the National Computer Network Emergency Response Technical Team Coordination Center.

Web service providers have been urged to upgrade systems and fix the vulnerability to ensure information safety.

"To protect themselves from theft of sensitive data, like passwords or credit card numbers, Internet users are advised not to log in to certain websites or use online payments within two to three days when companies are upgrading systems," Wang said.