Have you ever experienced déjà vu?
…
Have you ever experienced déjà vu?
Sorry. Couldn’t resist.
ANYWAY, doesn’t it seem like not too long ago that I told you to go ahead and change all your passwords, because data breaches (like the ones that hit Target Sally Beauty Experian) will be a common thing for quite some time?
Oh yeah. It was.
So now we have the Heartbleed bug, which affects websites running certain versions of OpenSSL on their servers. I won’t get into the technical details, mostly because I don’t know one thing about OpenSSL, but the effect for you, the Internet user and person-who-logs-into-websites, is this: about two-thirds of the entire Internet is/was affected by this vulnerability, and your login/password information could have been stolen over the past couple years or so.
Yes, this is very, very big.
So whattaya do about it? You change passwords after sites patch its OpenSSL software. Most sites are moving pretty quickly to install the patch, but some haven’t been as forthcoming when it comes to telling their users to change their passwords. Right now, this moment, go change the following passwords, if you have accounts there:
- Google/Gmail/YouTube
- Yahoo!
- OKCupid
Those are the big ones that were definitely using the vulnerable version of OpenSSL, and have now been patched. Change ’em now!
Amazon, Twitter, and some other big sites, however, are safe. They were never running the vulnerable software.
Of course, there are also countless other websites that were, so you need to check those out as well. You can enter a web address at https://lastpass.com/heartbleed and find out if it a site is affected. If you get anything but a “No” on the result page, you need to change your password, but try to find out if the site has been patched first. If you change it before they patch it, your account could still be vulnerable (and, if the site forces a password change later, you’ll just have to do it all over again).
And use strong passwords, too. I don’t have to tell you that, though, do I?