By now, you have heard about this “Heartbleed” thing. Most of us are not sure whether it is a big deal, or whether it even affects us. Let’s make sure we all understand this: it does.
It does because we, as a rule, are very, very lazy when it comes to passwords. We tend to use 1 or 2 passwords for everything, INCLUDING banking information. In other words, if you get someone’s password to, say, Facebook, chances are you have the password to their Bank of America account. (Keep in mind, most banks have 2 and 3 layers of security, but still...)
So let’s go over some basics.
First off: What is the Heartbleed Bug?
This is a flaw (also known as a “bug”) in the cryptography library that allows an attacker to get information that normally could not be read as it passes through the internet. This becomes an issue because, while it generally doesn’t affect access to financial and banking sites (that we know of), it does affect most everything else.
Second: Why does this affect me?
It affects you because it exposes websites and systems like Facebook, Instagram, and others, giving your attacker a better chance at getting the passwords to those banking and financial sites. (My guess is most users tend to use the SAME password for everything, but none of us do that here. RIGHT?)
Thirdly: Is there a list of sites that are affected?
I have a PARTIAL list of sites that were compromised either in reality or in theory.
Below is a table that goes through some of the sites affected.

| Social Networks | Was it affected? | Is there a patch? | Do you need to change your password? |
|---|---|---|---|
|  | Unclear | Yes | Yes |
| IFTTT | Yes | Yes | Yes |
|  | Yes | Yes | Yes |
|  | No | No | No |
|  | Yes | Yes | Yes |
| Tumblr | Yes | Yes | Yes |
|  | No | Yes | Unclear |

| Other Companies | Was it affected? | Is there a patch? | Do you need to change your password? |
|---|---|---|---|
| Apple | No | No | No |
| Amazon | No | No | No |
|  | Yes | Yes | Yes |
| Microsoft | No | No | No |
| Yahoo | Yes | Yes | Yes |

|  | Was it affected? | Is there a patch? | Do you need to change your password? |
|---|---|---|---|
| AOL | No | No | No |
| Gmail | Yes | Yes | Yes |
| Hotmail / Outlook | No | No | No |
| Yahoo Mail | Yes | Yes | Yes |

| Stores and Commerce | Was it affected? | Is there a patch? | Do you need to change your password? |
|---|---|---|---|
| Amazon | No | No | No |
| Amazon Web Services (for website operators) | Yes | Yes | Yes |
| eBay | No | No | No |
| GoDaddy | Yes | Yes | Yes |
| Nordstrom | No | No | No |
| PayPal | No | No | No |
| Target | No | No | No |
| Walmart | No | No | No |

| Banks and Brokerages | Was it affected? | Is there a patch? | Do you need to change your password? |
|---|---|---|---|
| Bank of America | No | No | No |
| Capital One | No | No | No |
| Chase | No | No | No |
| Citigroup | No | No | No |
| E*Trade | No | No | No |
| Fidelity | No | No | No |
| PNC | No | No | No |
| Schwab | No | No | No |
| Scottrade | No | No | No |
| TD Ameritrade | No | No | No |
| TD Bank | No | No | No |
| U.S. Bank | No | No | No |
| Wells Fargo | No | No | No |

| Government and Taxes | Was it affected? | Is there a patch? | Do you need to change your password? |
|---|---|---|---|
| 1040.com | No | No | No |
| FileYourTaxes.com | No | No | No |
| H&R Block | Unclear | No | Unclear |
| Healthcare.gov | No | No | No |
| Intuit (TurboTax) | Yes | Yes | Yes |
| IRS | Unclear | Unclear | Unclear |
| TaxACT | No | No | No |
| USAA | Yes | Yes | Yes |

| Other | Was it affected? | Is there a patch? | Do you need to change your password? |
|---|---|---|---|
| Box | Yes | Yes | Yes |
| Dropbox | Yes | Yes | Yes |
| Evernote | No | No | No |
| LastPass | Yes | Yes | No |
| Minecraft | Yes | Yes | Yes |
| Netflix | Unclear | Unclear | Unclear |
| OKCupid | Yes | Yes | Yes |
| SoundCloud | Yes | Yes | Yes |
| Spark Networks (JDate, Christian Mingle) | No | No | No |
| Wunderlist | Yes | Yes | Yes |

(This table and a more descriptive version were pulled directly from here:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_cid=mash-com-fb-main-link )
The big ones are on the top.
Finally: What do I need to do?
CHANGE YOUR PASSWORDS!! ALL OF THEM. Really – change them, even if you don’t have anything on the list. Learning new passwords is MUCH easier than dealing with a compromised account.
Make sure you stay on top of this. While a virus can be fixed, a hole like this, which had been out for a while but was not discovered until recently, can wreak havoc on your life.