A major security threat known as the Heartbleed Bug is an encryption flaw that has apparently affected numerous services including social media, companies, and emails. Because of this, it’s definitely a good idea to check to see what places have been hit and change your passwords. Mashable has offered a list of affected websites despite the fact that some of the details haven’t been particularly clear. You can also find a simplified list below.
While some websites have revealed that they haven’t caught any suspicious activity, and are implementing patches, it is still recommended that you change your passwords. If you believe that your information may be vulnerable, always change your passwords!
Websites Recommending Password Resets:
Facebook: While it is recommended that everyone change their Facebook passwords, it is currently unknown if it was actually affected by the threat. Facebook stated, “We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to set up a unique password.”
Tumblr: It has been confirmed that Tumblr has been affected by the bug. “We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.”
Google: The bug has affected Google. A statement was released addressing the situation: “We have assessed the SSL vulnerability and applied patches to key Google services.” This includes Search, Gmail, YouTube, Wallet, Play, Apps and App Engine.
Yahoo: While Yahoo has confirmed to be affected by the bug, a patch has been set in place. “As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.” This includes the Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, and Flickr.
Amazon Web Services (For website operators): A patch has been applied, however, it is recommended that passwords be changed.
Intuit (TurboTax): It’s been stated that TurboTax “has examined its systems and has secured TurboTax to protect against the bug.”
Dropbox: It was stated on Twitter that Dropbox has “patched all of our user-facing services and will continue to work to make sure your stuff is always safe.”
LastPass: “Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys.”
OKCupid: “We, like most of the internet, were stunned that such a serious bug has existed for so long and was so widespread.”
SoundCloud: “We will be signing out everyone from their SoundCloud accounts… and when you sign back in, the fixes we’ve already put in place will take effect.”
Wunderlist: “You’ll have to simply log back into Wunderlist. We also strongly recommend that you reset your password.”
Make sure you keep an eye out on Mashable, who has committed to keep their list updated if any changes or new information appears. The good news is that fortunately, there has been no indication that a hacker learned about this bug. Mashable stated, “In theory, a cybercriminal could have exploited Heartbleed by making network requests that could piece together your sensitive data.”
Hopefully now that companies are becoming aware of the situation, the patches and necessary security procedures will keep your information safe despite the requests to reset your passwords. If you fear that any website other than the ones listed have been affected, you can check out LastPass’ Heartbleed Checker, which will allow you to enter a site and see if it is vulnerable.