Heartbleed: Change Your Passwords Now!


Chances are you’ve heard a lot about the massive Heartbleed security bug in recent days. But if you’re like me, you aren’t sure which websites were impacted, and what passwords you need to change.

In a nutshell, the Heartbleed bug, which went undetected for two years, leaves sensitive personal data – like usernames, passwords and credit card information – vulnerable and at risk of being intercepted. So it’s bad news – really, really bad news.

According to Mashable, Internet companies left vulnerable to Heartbleed scrambled to quickly update their servers and develop a security patch.

So what can you do to protect yourself? If you haven’t already, change your passwords on the websites affected by the bug.

Mashable compiled the following list of popular websites impacted by Heartbleed. Each of the sites has developed a security patch to protect users’ data.

If you have an account on one of the major sites listed below, change your password now.

  • Social networks – Facebook, Instagram, Pinterest, Tumblr.
  • Other companies – Google, Yahoo.
  • Email – Gmail, Yahoo Mail.
  • E-commerce – Amazon Web Services (for website operators; Amazon for shoppers was not affected), Etsy, GoDaddy.
  • Entertainment – Flickr, Minecraft, Netflix, YouTube, SoundCloud.
  • Government – USAA.
  • Other – Box, Dropbox, GitHub, IFTTT, OKCupid, Wikipedia, Wunderlist.

How can you tell if other websites you use are affected? McAfee released a free test

CNET said it’s critical that people not underestimate the severity of the Heartbleed bug.

Security vulnerabilities come and go, but this one is extremely serious. Not only does it require significant change at websites, it could require anybody who’s used them to change passwords too, because they could have been intercepted. That’s a big problem as more and more of people’s lives move online, with passwords recycled from one site to the next and people not always going through the hassles of changing them.

A large number of Android smartphones – those that run 4.1.1 Jelly Bean – are still susceptible to the security bug, according to Business Insider. Not sure what version of Android your phone is running? Go to the Settings Menu, then check the About Phone option. You should be able to see what version of Android is running and also check for software updates.

I changed my Facebook, Netflix, Instagram and Yahoo Mail passwords. I also changed my Amazon and Hotmail passwords even though they weren’t on the list, because it’s always a good idea to change passwords from time to time.

Have you changed your passwords? 


Comments & discussion


  • Jack Mabry

    Don’t get excited. The key statement is “went undetected for two years”. If it were so horrible, why haven’t we all been hit with identity theft? All the sites mentioned have taken care of the problem. Just monitor your financial sites, as you always should. Other than that, pretty much forget about it.

    • Jason

      My thoughts exactly.

  • cynner

    It seems strange to me that so few of the websites I go to have any kind of notification posted about their status. Some of these companies can see fit to send me multiple marketing emails on a frequent basis, but can’t take the time to make information available about their status with this big security flaw.