As you may know by now, Heartbleed has pretty much given the Internet its biggest scare. The security flaw allows potential attackers to get passwords, credit card information, and other information that’s usually encrypted.
Because Heartbleed’s threat is so massive, it’s very possible that a few individuals will end up becoming victims of identity theft. It’s as yet unclear whether any cyber criminal syndicates or hackers knew of its existence and have been using it, but ever since the revelations were made, there has been a state of panic among users. Because Heartbleed can break SSL encryption, Internet majors such as Google, Facebook, Yahoo, Dropbox, Tumblr and Amazon Web Services could be victims.
Thankfully, a patch has been released which can thwart the Heartbleed attack, but users are still advised to change many of their passwords. Since some attackers could already have accessed your password, you are vulnerable regardless of whether the website in question has applied the patch.
So which ones must you change? Mashable has a handy chart ready, and it doesn’t make for good reading if you are a heavy user of Internet services. It’s also reaching out to the top 10,000 websites to check on their vulnerability status. Here’s the GitHub page for the entire list.
If you want to verify first-hand whether a website or service is affected, you can check it with this tool, which tests pages for the Heartbleed vulnerability.
Yahoo, Google and Facebook
Firstly, all of Yahoo and Google’s services could have fallen prey to Heartbleed, and Facebook is not safe either. So you had better get started on changing those passwords. Facebook had said in a statement, “We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to … set up a unique password.”
LinkedIn, Twitter seemingly safe
LinkedIn is not affected by Heartbleed. “We didn’t use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties,” the company is quoted as saying by Mashable.
Twitter claimed in a tweet that none of its services were affected by Heartbleed, though it still advised users to change their passwords.
Amazon sees mixed results
Amazon.com is not affected by Heartbleed, though Amazon Web Services, which many website operators use, would have been vulnerable to its threat. Thankfully, AWS said in a statement that it had plugged the flaw on its services.
Banks, government websites remain safe
Most banking websites remained safe, though it never hurts to change passwords every now and then. Some government websites were rumoured to have been open to attacks, though the situation remains unclear for websites such as Healthcare.gov, the US insurance online marketplace.
Dropbox, LastPass big worries
One of the biggest dangers is that Heartbleed could be used to bring down a password storage service, which would give attackers access to a bigger cache. LastPass is one such service thought to be affected by Heartbleed. The company said that in spite of using OpenSSL, its services remained free from harm. “Though LastPass employs OpenSSL, we have multiple layers of encryption to protect our users and never have access to those encryption keys.”
Dropbox also seems to have been affected, though it said in a tweet that all its services had been patched. Even so, it’s advised that you change your password now before it’s revealed that someone has had access to passwords all this while.
OkCupid, SoundCloud also open to attack
Websites like OkCupid and SoundCloud were also found to be vulnerable, according to Mashable’s list. OkCupid was quoted as saying, “We, like most of the Internet, were stunned that such a serious bug has existed for so long and was so widespread.” On the other hand, SoundCloud says it is signing all users out, and when they sign back in, the fix will be in effect.
Estimates suggest that nearly two-thirds of the Internet is affected by Heartbleed, which could have potentially disrupted all Internet activity if exploited by the wrong hands. So it’s a great achievement for the White Hats who discovered the bug and quickly rolled out a fix. Now all that’s left for you to do is change your password and make it a tough one to crack.