Two weeks ago, the Heartbleed Bug rocked the world (literally). Some are calling it the greatest security threat the Internet has ever seen, while others are less certain of the damage inflicted by the virus. The truth is, as of right now, we don’t know a whole lot about it, and sometimes not knowing how to protect yourself from hackers can be much more frightening than understanding the gravity of the situation.
What Do We Know So Far?
The Heartbleed bug was designed to expose and exploit a software flaw in webservers that run a package called OpenSSL, which would allow hackers to have access to cryptographic keys. Those keys are used to secure online commerce and web connections. If hackers did use those keys, they could have access to your credit card information, social media pages, and e-mail accounts.
Perhaps the most unnerving part of the whole ordeal is the fact that the vulnerability has been in existence since 2011. That means hackers could have had access to user accounts for almost three years. Experts are still attempting to assess the extent of the damage.
What’s the Damage, Doc?
Luckily, the virus (though dangerous) has been limited to those servers that operate OpenSSL, meaning that this is not the Internet Apocalypse. In order to access your information, you would have had to been on a server that utilized OpenSSL, and the hacker would have to have the perfect race conditions (timing) so that your information was still accessible in memory (otherwise it would disappear). Heartbleed represents a serious issue, but the fear being propagated across the Internet has, to a certain extent, dramatized the issue. In the coming weeks, there will likely be more updates on how to protect yourself from this vulnerability.
Should I Reset All of My Passwords?
The Mashable Team conducted some research on what sites were affected by the virus, and that information will be available to you here. If you don’t have time to read the article, that’s okay, because we’ll just list the ones that you should reset.
You should reset your password on the following sites:
Social Networks: Facebook, Instagram, Pinterest, Tumblr, Twitter (probably)
Company Sites: Google, Yahoo
Email: Gmail, Yahoo Mail
Stores and Commerce: Amazon Web Services, Etsy, GoDaddy
Videos, Photos, Games & Entertainment: Flickr, Minecraft, Netflix (to be safe), SoundCloud, YouTube
Banks and Brokerages: None
Government and Taxes: Intuit, USAA