Edit Article

Heartbleed is an OpenSSL vulnerability that allows anyone to access and read encrypted data sent between your computer and a server; disclosing usernames, passwords, and other confidential information. Heartbleed was discovered and patched April 7th, 2014. This bug was introduced in OpenSSL version 1.0.1, which was released March 2012.[1]


The chance that one or more of your online accounts is compromised because of this bug is very high; OpenSSL is used by over 60% of websites worldwide[2] to encrypt personal data.


This article will help you protect yourself from attackers who may have exploited this bug to gain your confidential data.

Ad

EditSteps

  1. Heartbleed check.png
    1
    Discover which services you use are affected by Heartbleed. There are two Heartbleed checkers; one made by LastPass (https://lastpass.com/heartbleed/), and one by 1Password (http://watchtower.agilebits.com). It is recommended to check each site in question with both tools.
    Ad
  2. Heartbleed patched two.png
    2
    Find out if the service has patched the bug. If they haven't made a public announcement, you may have to contact the webmaster and ask what their current status is. Below is a short list of popular websites that have patched Heartbleed recently.[3]
    • Facebook
    • Google (Gmail)
    • Yahoo!
    • Tumblr
    • Flickr
    • OkCupid
    • Netflix
    • Pinterest
    • Dropbox
    • Wunderlist
    • GitHub
  3. Heartbleed login two.png
    3
    If a website has not patched the bug, leave your account as is, whether logged in or not. If you are logged out, logging in may allow a hacker to exploit the bug and obtain your personal data.[4]
  4. Heartbleed password two.png
    4
    Change your password on sites that have patched Heartbleed. Because it is possible that an attacker already has your username and password, it is critical that you change your passwords - not just on websites that were affected by Heartbleed, but also on websites that share the same login credentials as an affected website. This is a great opportunity to find a trustworthy password manager and create a unique password for each account.
    Ad

We could really use your help!

Can you tell us about
mousetrap cars?
Yes
No
mousetrap cars
how to build a mousetrap car
Can you tell us about
Indian family life?
Yes
No
Indian family life
how to live and deal with Indian parents
Can you tell us about
diet and exercise?
Yes
No
diet and exercise
how to tighten your thighs
Can you tell us about
glowing water?
Yes
No
glowing water
how to make glowing water
Thanks for helping! Please tell us everything you know about
...
Tell us everything you know here. Remember, more detail is better.
Tips
Provide Details.
Please be as detailed as possible in your explanation. Don't worry about formatting! We'll take care of it. For example:
Don't say: Eat more fats.
Do say: Add fats with some nutritional value to the foods you already eat. Try olive oil, butter, avocado, and mayonnaise.
Submit

EditTips

  • Using strong and unique passwords will help prevent widespread hacking should one of your accounts become compromised.
  • If you have concerns about privacy or anonymity, consider staying off the Internet for a few days while things cool down and servers are updated to the latest version of OpenSSL.[5]

EditSources and Citations

  1. http://heartbleed.com/
  2. http://heartbleed.com/
  3. http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
  4. http://mashable.com/2014/04/09/heartbleed-what-to-do/
  5. https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Article Info

Featured Article

Categories: Featured Articles | Internet Security

Thanks to all authors for creating a page that has been read 30,458 times.

Did this article help you?
Yes No

Become
an Author!

Write an Article