For the past two years (since March 2012), millions of websites may have been leaking sensitive data due to a major flaw in the OpenSSL software that are used to encrypt and transmit Internet data.
The Heartbleed bug as called by the researchers who discovered it, would enable hackers to obtain a compromised site’s encryption keys, which makes all passing data basically available for them to see. What makes it worse is that this type of attack would leave no trace. Considering so many websites used the affected versions of OpenSSL, the potential damage could be serious.
The good news is as this security flaw was discovered, many major companies are already patching their websites.
- Intuit (TurboTax)
- Many others…
For any other sites not listed, check their vulnerabilities by using this LastPass Heartbleed checker.
What You Need to Do
Until the affected websites fixed the vulnerabilities, you can’t do much because you could very well be handing over your new password to an undetected hacker. But once they patched their OpenSSL, you need to change your password right away. At this point the sites mentioned above have already patched their sites, so it’s safe to change your password.
If you have a habit to use the same password for all your online accounts, then you need to change your password even for all sites, because your password is already compromised from the affected services. Hackers can still use that same password to gain entry to your account for the unaffected websites.
Don’t Use One Password for Multiple Websites
It bears repeating with this latest discovery that it’s never a good idea to use one password for multiple accounts. Even if you didn’t want to use a unique password for each online account you own, at the very least do so in a group. So use one password for critical sites such as your online banking and tax, another one for emails, a different one for other less important sites. Make sure you also follow these safety tips for social media.
Here’s What You Need to Know About the ‘Heartbleed’ Bug That’s Attacking Millions of Websites
What Should You Do About the Heartbleed Security Flaw?
The Heartbleed Aftermath Drags On: What Passwords You Need to Change Now
Not just websites hit by OpenSSL’s Heartbleed – PCs, phones and more under threat
Difficulty of Detecting OpenSSL Heartbleed Attacks Adds to Problem
Google, Amazon, Facebook and others confess to Heartbleed vulnerabilities
Heartbleed SSL bug leaves web servers open to attack