Heartbleed and the NSAWhen we first wrote about the Heartbleed bug last week, we said that one of the biggest questions surrounding the bug was whether or not anyone had the chance to use it before everyone went into DEFCON 1 to close the loophole. Over the weekend, Bloomberg reported that there’s a good chance at least one group knew of (and had been using) the exploit: the National Security Agency.

Bloomberg’s report is based on comments from two unnamed “people familiar with the situation.” For their part, Bloomberg writes that the NSA initially declined to comment on the story, then denied anyone at the agency knew about Heartbleed before it was made public recently.

If the NSA did know about the exploit, they’d be able to use it to access passwords and other data that can be super helpful if you’re looking to get to data people don’t want you to have. However, the different stories coming from Bloomberg and the NSA give us all a chance to pop in The Matrix, look deep inside ourselves, and decide who we want to believe.

The first decision is whether or not you believe the NSA. If you think the NSA didn’t have prior knowledge of Heartbleed, then it’s back to being worried about general Internet bad guys and whether or not they have access to your bank accounts. But if you believe Bloomberg’s reporting about the NSA’s involvement, then you’ve got an entirely different question – Is the NSA looking into everyone’s business, or just the “bad guys”?

It’s the same debate a lot of people had to have when the Edward Snowden leaks detailed the NSA’s ability to access phone records. Is the NSA’s ability to retrieve information on the people they need to get intel on worth the possibility that they’re snooping on the people they want to? Or is this a program that’s being used totally on the up-and-up?

Wherever you fall on the NSA question, it’s a good idea to update your passwords to keep your information safe.  Check out our Heartbleed 101 article to learn all the basics of the bug and to get on the road back to Internet security.