This past April, researchers announced that they had found the Heartbleed Bug, a security flaw that could leave secure information vulnerable online. As of late June 2014, more than 300,000 servers remained affected by the bug. If you haven't updated your passwords yet, now is the time to do so.
What is Heartbleed, and how does it affect you? Here are answers to common questions.
What is the Heartbleed Bug?
The Heartbleed Bug is a security flaw found this week in Open SSL, which is network software used by secure websites. You know you’re on a secure website when the web address starts with “https” rather than “http” or you see a little lock icon in your browser.
Social media, banking, email, shopping, and dating sites use security software like this – though not all of them are affected by this bug.
Why is it dangerous? Has any data been stolen?
The bug could allow an attacker access to sensitive data, credit card information, passwords, and encryption keys that they should not have access to. The vulnerability has been present since December 2011, so there’s a chance that your data has been at risk for more than two years.
That’s the scary part. But here’s the good news: It doesn’t appear that hackers ever knew about or exploited this bug. It was discovered by a member of Google’s security team, so all signs point to the researchers finding it first.
What websites are affected?
You’ve probably heard about some of the big websites that are affected: Yahoo, OKCupid, and Flickr, to name a few. You can find out what websites are affected by checking this long list of affected websites, which while comprehensive, is a lot to wade through. Or, use this website checker set up by password vault LastPass.
What should I do?
Not every website you use has been affected, but that doesn’t mean you should stop reading this article and move on. There are steps you can take to protect yourself in case data was breached while this vulnerability was present. The downside is, you can’t do anything until the websites you use patch their systems.
Find out what websites are affected. Use the links above for the list of affected websites or the LastPass website checker to find out whether the secure websites you commonly use are affected. You’ll want to check any website you use for email, shopping, social media, and banking – basically, any website that has personal and/or financial information about you. Until you’re sure an affected website has patched the bug, it’s best not to log on to those sites.
Change your passwords. This step is important, but you can’t take it until the website you use has issued a patch for the bug. Any large website is going to work quickly to fix this problem and will notify you when it’s OK to update your information. The LastPass checker will tell you when the website made an update.
- Longer is better, at least eight characters
- Don’t use real words
- Don’t use personal information like birthdays and anniversaries
- Use special characters
- Be creative – see our tips for creative passwords here.
This helpful list from Mashable.com tells you what passwords you should change NOW: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/.
Do you still have questions about the Heartbleed Bug or online security? Call PNSolutions today – we can help!