Heartbleed, Passwords, And You

Many of you have probably heard something in the news about something called Heartbleed. I wanted to share my thoughts on the topic now that some time has passed and the intitial panic and fear mongering has settled down.

What Is Heartbleed?

Heartbleed is a flaw in the technology used by many websites to keep your private information (passwords, usernames, credit cards) secure.

If a website that you used was vulnerable to the Heartbleed exploit it could mean that the "bad guys" have obtained your private information (passwords, usernames, credit cards).

Which Sites Were Affected?

Numerous sites across the internet were affected. Some major websites that were vulernable (doesn't mean the bad guys necessarily stole your private info) include:

  • Dropbox
  • Flickr
  • Gmail
  • Google
  • Instagram
  • Netflix
  • OKCupid
  • Pinterest
  • Tumblr
  • Yahoo
  • YouTube

This is just a small list of some the largest websites that were affected. Many smaller sites could have been affected as well.

Was My Bank Affected?

It doesn't appear most major bank websites were affected by the Heartbleed exploit.

Should I Change My Passwords?

At this point most major websites have fixed the vulnerability caused by the Heartbleed exploit. It is a wise idea to change your password for any of the sites listed above. I would also recommend changing your password for any site that involves finances (banks, online stores, etc).

Reusing passwords puts you at risk, regardless of Heartbleed.

Many people use the same password on multiple websites. If you use the same password for your Amazon account as one of the websites that was vulnerable to Heartbleed you may find that the "bad guys" now can break into that account as well.

Final Thoughts

The Heartbleed exploit is not the end of the world. I think it is a great opportunity for people to update their passwords and make sure that they are using different passwords on different websites.

