The CRA is warning people to be wary of anyone calling or emailing to say your SIN was stolen. The CRA is supposedly sending out notifications only via registered mail.
The RCMP has arrested the 19-year-old hacker suspected of stealing social insurance numbers from the Canada Revenue Agency web site.
It shows you how irresponsible it is to publish exact details of an exploit before it can be patched.
Since it's been around a couple years, a responsible group would have notified OpenSSL and the certificate issuing authorities and waited for the fix to be availible and then told everyone there was a critical problem without first saying what exactly it is and how to exploit it.
But some people are more interested in fame than doing the right thing.
Dave