Heartbleed Breach and The Passwords You Should Change Now


The Heartbleed bug left around half a million websites, including Google, Yahoo, and YouTube, vulnerable to attacks. Individuals are encouraged to take steps to improve their online security while affected sites are being fixed. So far, only one arrest of a suspected Heartbleed hacker has been made, but many more could follow.

The Heartbleed Bug: What You Should Know

What is Heartbleed? In short, it’s a bug in the encryption software that certain sites use, and it lets an attacker read information the site was supposed to keep private.

When you’re shopping online or accessing data that should be kept private – say, your bank account information – you’ll see that the address in your browser starts with “https” instead of the regular “http.” That extra “s” stands for secure, and it means that the site is using a form of SSL, or Secure Sockets Layer, a common cryptographic protocol that encrypts information passing between the user and the website.

With the Heartbleed bug, however, some of that information is not secure. Websites that use OpenSSL – a very popular implementation of SSL used in millions of websites – are vulnerable to attacks. Attackers can exploit the bug to get sensitive information like passwords and credit card numbers, or to impersonate online entities. The bug went unnoticed for a long time, in part because exploiting it doesn’t leave a trace in the logs.

For more detailed information on the technical aspects of Heartbleed, read the site set up by Codenomicon which, with engineers at Google, discovered it.

Were You Hacked? What To Do.

Considering how many websites worldwide, including many popular ones, use OpenSSL, it’s possible or even likely that some of your information was compromised. Here are some steps to take now.

Find out if sites you’re on were vulnerable and whether they’ve been patched.

Sites using OpenSSL must implement a fix to close the vulnerability. Check this list of the top 100 most popular sites to find out which have already done so and which still need to be patched. Or try a Heartbleed test like this one from LastPass on individual websites.

Sign up for alerts.

Sites like Should I Change My Password and have i been pwned? allow you to check whether your email accounts have been involved in a data breach. They also let you sign up for alerts in case a breach is detected in the future. Although they won’t let you know about information compromised through Heartbleed per se, they will help you monitor the security of your email addresses.

Change your passwords.

Although it’s a hassle, changing your passwords on a regular basis is important, especially after a security breach as massive as Heartbleed. Even sites that don’t think they’ve been affected are recommending a password change.

Change your passwords now and then again after the site has implemented the fix. (Check on the site listed above to find out when that happens.) And follow good advice when it comes to picking new passwords.