Capital Group Cos., the third-largest manager of U.S. mutual funds, urged 800,000 customers to change account passwords and other information to protect themselves from risk caused by the Heartbleed computer bug.
The bug may have exposed some customers who accessed their accounts on the website for the firm’s American Funds mutual funds between Dec. 12 and April 14, Chuck Freadhoff, a spokesman for the Los Angeles-based firm, said in a telephone interview. The company today recommended in an e-mail to those clients that they change their user information, password, security image and questions, and delete their browsing history and “cookies.”
“Through an outside vendor there was with Heartbleed a vulnerability that gave a view to information flowing through that vendor’s servers,” Freadhoff said. “We are doing this out of an abundance of caution,” he said, adding that the company had no information indicating accounts had been accessed by hackers.
Heartbleed, which was recently discovered by technology researchers and made public on April 7, prompted security experts to urge consumers to change their Internet passwords, even as Google Inc., Facebook Inc. and large banks said they weren’t affected. The bug can expose people to hacking of their passwords and other sensitive information.
The Federal Financial Institutions Examination Council, made up of representatives from the Federal Reserve Board of Governors, the Consumer Financial Protection Bureau and other U.S. regulators, said last week that systems operating a widely used encryption technology called OpenSSL are at risk of being hacked.