For those of us who use the internet on a daily basis, Heartbleed is a pretty terrifying thing. Because of an exploit in versions of OpenSSL, some servers had a huge bug that allowed hackers to snatch your passwords basically out of thin air. Even major sites like Amazon and Google were affected, causing a wide panic at the potential for credit fraud on a scale we’ve never seen before. As many as 17% of web servers were believed to be at risk when it was announced, and a fix was released the same day. The problem was announced and the fix released April 7th, but as of May 20th there were still 800,000 of the most popular TLS-enabled still at risk for exploitation of the Heartbleed bug.
By now, practically every major website will have fixed the problem, but it’s still important to change every password you’ve used since the bug was discovered. Even if you haven’t noticed any strange activity on your accounts as of yet, that does not mean that hackers don’t already have your password and just haven’t gotten around to using it yet. If hackers were able to pull millions of passwords at a time with little problem, there’s still a chance that your account could be compromised down the line if you haven’t gotten around to changing your login information.
There are comprehensive lists out there of which major websites are believed to have been affected, but it’s just an unnecessary risk to not just change ALL of your passwords. There will be websites that you use that might not have been considered big enough to make the lists, so why risk it? Change your passwords!