The bug has actually been around for a couple of years but was only recently discovered. It has the potential to be one of the biggest and most widespread vulnerabilities in the entire history of the internet. But what exactly is Heartbleed?
Turns out that there was an (up-until-now) undetectable flaw in OpenSSL, making encrypted information (like passwords and credit card numbers) on many websites, apps, social media, shopping, banking and messaging sites, etc., vulnerable to attack by hackers.
There is no indication at this point that hackers knew about the flaw but at the same time, there is no guarantee that your private information hasn’t been compromised by hackers.
Companies are working as fast as they can to fix the problem. Unfortunately, there isn’t a super easy fix for affected companies. IT pros also have to ensure that digital certificates issued before the patch are still safe.
Wonder what it really means for you and if you should be worried? Just to be safe, just change your passwords. Mashable has kept a running list (and updates it often) of the websites on which you should go ahead and change your password.
Changing your password on a site that has not yet patched the problem will still leave your information on that site vulnerable (in other words, until the company has patched the problem, wait to change your password). If you use the same password on multiple sites, and any one of those sites was vulnerable, you’ll have to change your password everywhere (you know it’s not a good idea to use the same password on multiple sites anyway).
If you use any of these sites, change your password now: Facebook, Instagram, Pinterest, Google/Gmail, Yahoo, Etsy, Netflix, YouTube, WordPress and Dropbox. Visit Mashable’s “The Heartbleed Hit List: The Passwords You Need to Change Right Now” for the full list of passwords you may need to change.
The good news is that many (but not all) banking and credit card sites (like American Express, Bank of America, Capital One and Chase), major commerce sites (like Amazon, Walmart and PayPal) and government and tax websites were not affected. Check the list for any websites that you might use that may have been affected.