Change all your passwords - someone might already have access to your Facebook and Gmail! There is a critical error in SSL, dubbed the Heartbleed bug, that might have exposed your private information to hackers.
It sounds bittersweet and even romantic, but the Heartbleed bug is nothing of the sort. It is an overlooked snippet of code found in OpenSSL that sends information from a supposedly secure website to any third party aware of this internet vulnerability.
Notice the "https" in the address bar when you are viewing Facebook or Gmail? The "s" right after http stands for "secure". But because of faulty coding, a.k.a. the Heartbleed security bug, your information - including your usernames and passwords - is not secure at all.
Paradoxically, accessing your account to change your password might put you more at risk. So, before you change your passwords, read on.
Heartbleed Bug: You Are Affected
"HTTPS" stands for Hypertext Transfer Protocol Secure. It combines conventional HTTP with a secure protocol, such as SSL, to ensure that whatever information you send over the internet cannot be viewed by unauthorized parties. However, the Heartbleed bug is a vulnerability in the OpenSSL code used by many websites, and it gives outsiders a way to gain access to your data.
Websites aware of this flaw in OpenSSL have started fixing the hole, but this does not mean your accounts are safe. You still have to change your password if you want all your passwords and private mail protected!
Websites Affected by the Heartbleed Bug
The following websites have been affected by the Heartbleed bug. Some of them report no hacked accounts as of press time, but changing your passwords is still advised.
- Gmail and other Google services
- Yahoo! Mail and other Yahoo! services
- And many others
A few popular websites, including PayPal and LinkedIn, were not affected by the security breach. They did not use the OpenSSL version which carried the Heartbleed bug.
But before you change your passwords...
Remember that even if you change your password, it doesn't mean your account is protected unless the website has declared a patch for the vulnerability. Before changing your password, find out if the account you're using, whether it's just for a social network or for a bank account, is hosted by a website that has already fixed the SSL problem!
If you have an account at a website that hasn't yet provided a fix for the OpenSSL error, avoid signing in to change your password. Any internet transaction with an unprotected website will further increase your risk of unauthorized-party access.
Now that the Heartbleed bug has been exposed and is being fixed by websites worldwide, the worst is almost over. If you think your account has been compromised, contact the website's customer support or administrator immediately. Share with friends and family, too, to make sure they don't get hacked!