Businesses at 'extremely high' risk of Heartbleed attack

More than 350 cloud services not patched 24 hours after bug released

Businesses using cloud services are at "extremely high" risk of falling victim to the Heartbleed security vulnerability, according to experts.

The Heartbleed bug was first found earlier this week and is a vulnerability in OpenSSL – technology used to protect sensitive data – which allows attackers to hack into software. Since it reared its head, security experts have warned users of cloud services to change their passwords to mitigate the risk.

But it is not just consumers who are at risk, according to cloud security specialist Skyhigh Networks, which claims enterprises face a similarly serious situation.

"While the focus in the media was initially on high-profile consumer sites such as Yahoo Mail, many cloud services present an even greater risk to companies storing sensitive data on those services," it said.

"Over the past weeks, security teams across country have been grappling with end of life for Windows XP... [but] that issue has been completely overshadowed with news of the Heartbleed vulnerability."

It said its intelligence shows that 24 hours after the vulnerability hit the headlines, 368 cloud providers had still not patched their wares, making them vulnerable to attack.

It did not divulge which firms' services were affected but claimed "leading backup, HR, security, collaboration, CRM, ERP, cloud storage, and backup services" were among them.

"The average company uses 626 cloud services, making the likelihood they use at least one affected service extremely high," it added.