When was the last time you changed your passwords? Did you change all of them? Even Facebook? Did you make them all different? These are things you need to consider doing RIGHT NOW in the wake of “one of the biggest security threats the Internet has ever seen,” which is informally known as Heartbleed.
Many internet bugs have popped in and out of our radar over the past few years, but the potential damage from Heartbleed is seriously scary. This bug is the result of a flaw in the network software, OpenSSL, which is an open-source set of libraries for encrypting online services meant to protect your data. If you use Facebook or Gmail everyday (or for pretty much everything including work, like me), then this is not a bug you can ignore. Heartbleed has the ability to reveal the contents of a server’s memory, which includes personal data such as usernames, passwords, and credit card numbers.
Now, while it’s a good idea to change your passwords immediately, keep in mind that just because we’re now aware of the list of sites that have been affected (full list on Mashable here), doesn’t mean all of these sites have patched the flaw yet. So changing the password will do nothing to protect your information until the flaw has been fixed on each site. Instead, you should contact the company and find out when it expects to push out a fix to deal with Heartbleed. Luckily, researchers have said that there has been no indication that hackers caught wind of the flaw before they discovered the problem. However, just because there’s been no sign of hacking doesn’t mean it hasn’t occurred. There’s still a chance that Heartbleed was known to someone before the Google security team and Codenomicon discovered it, and they could’ve slipped in and out of the flaw (so to speak) to extract the data they wanted and left without a trace.
Until we know more, check the progress of the patch for each individual site you use that has been affected. If a fix has been made, change your password. Make sure your passwords are not easy, predictable combinations of personal info. Make them hard or impossible to guess. Although banking websites have not been affected at this time, you should still keep an eye on your accounts for any suspicious activity. And finally, I guess we all need to keep our fingers crossed that our data is safe?
Featured image via DigitalTrends