Unless you’ve been living under a rock for the last week, you’ll most likely have heard the phrase “Heartbleed” being thrown around with panic online. But what exactly is Heartbleed and how does it affect you?
No, it’s not some new metal band from Denmark; Heartbleed is a lot darker. In fact, Heartbleed is potentially the biggest security threat that the internet has ever faced. In the most basic terms, it is a flaw in the encryption technology employed to keep email, social media, online banking and e-commerce. This flaw has gone undetected for 2 years, and could potentially have been exposing your “secure” information for all that time.
It’s unknown whether hackers have taken advantage of this flaw, and it’s impossible to find out whether they have or not. However, this is part of the problem; it’s unknown just how much damage Heartbleed may have caused.
But how might it have affected you personally, and what can you do about it now?
1 – It may have affected your social media security.
Facebook, Pinterest and Tumblr have already confirmed that they were using OpenSSL, the cryptography library that was affected by Heartbleed, while it’s currently unclear whether or no Twitter was affected. This means that you should change your Facebook, Pinterest, Tumblr and Twitter passwords immediately. Facebook, Pinterest and Tumblr have since patched the issue, meaning that these sites should be secured from now on and LinkedIn never used OpenSSL, meaning that it was never affected.
2 – It may have affected your email’s security.
Gmail and Yahoo Mail have both confirmed that their services were affected by the Heartbleed bug. Both have now fixed the issue, but urge users to change their passwords immediately to a brand new password that hasn’t been used before. Hotmail, Outlook and AOL were not running OpenSSL, and so weren’t affected.
3 – It may have made your use of e-commerce sites unsecure.
Both GoDaddy and Amazon Web Services have confirmed that they were affected by the bug and have since patched the issue, though the Amazon site itself was not affected. Users should change all their passwords for these services immediately. Ebay, which is most likely the largest point of concern for many users, claims that they were not affected, but hasn’t confirmed this for all their services, so users should change their passwords regarless. Paypal was not affected.
4 – It may have made your filesharing unsecure.
Dropbox, probably the most used filesharing site, has confirmed that it was using OpenSSL, and though it has fixed the issue, urges users to change their passwords. LastPass, SoundCloud, WeTransfer and Wunderlist have also all been affected. It’s currently unclear with NetFlix uses OpenSSL, but it’s best to use a new password for that site, just in case.
5 – It may have even affected your online dating.
OkCupid, one of the world’s biggest online dating sites, has confirmed that it was using the OpenSSL and so therefore was made vulnerable by the bug. All users should change to new passwords immediately. Match.com is not affected. Certain “adult material” sites were also affected, so check that you’ve not been left vulnerable on those!