Heartbleed Bug: What you need to know
Recent media attention has focused on the Heartbleed Bug, a major security vulnerability discovered in the technology that powers encryption across much of the Internet. The bug allows attackers to read the memory of systems protected by a popular network encryption software package, bypassing security to view protected information including personal information like usernames and passwords.
Who has been affected by this vulnerability?
Media reports suggest as many of two-thirds of all internet sites may have been affected by this vulnerability. Even market leaders such as Yahoo, Google, Facebook, and Amazon were affected.
How might I be affected by this vulnerability?
It is important to point out that just because a website was vulnerable at some point, it does not mean that this vulnerability was exploited. By extension, even if the vulnerability was exploited, it does not mean any useful private information was disclosed. However, we have handled this incident with caution, and recommend you become aware of the status of any websites or services you use.
What can I do to protect my identity and data?
Once you know a website or service you use was vulnerable at one time, assume your data is at risk and follow these steps.
- Confirm with the owner of any website you have an account with that they were either not affected by this vulnerability, or that it has been remedied. You may also want to confirm that they have re-keyed their SSL certificates.
- Change your password only after confirming the vulnerability is no longer a threat to the website. Changing your password before the vulnerability is resolved may leave you at risk.