You Should Change Your Password on These Sites Immediately

As we learn more and more about Heartbleed, the security bug that exposed tens of millions of servers worldwide, one thing is becoming clear: Our data is never really safe.

The bug, which was only discovered earlier this week, dates back two years, and there's no way of knowing how long attackers may have been exploiting the data breach. It targets OpenSSL, the encryption software that two out of three servers use, and allows hackers to repeatedly pull 64k of data from a server's working memory.

"It's a bit like fishing — attackers don't know what usable data will be in the haul — but since it can be performed over and over again, there's the potential for a lot of sensitive data to be exposed," reports the Verge.

Since the discovery of Heartbleed, companies have been going into overload to patch up their servers. Some may have to reset their certificates, which is a slow and expensive process, but they may remain compromised if they don't.

What can you do? Now, this is the hard part: There's not much you can do until these servers are patched up. The Guardian reports that while your first instinct may be to change all your passwords, you should wait until the breach is closed; otherwise, you would be exposing your new password as well.

Which sites need new passwords? Many sites have already announced that their servers are patched up and running. They include Facebook, Tumblr, Google, Yahoo, Dropbox, OKCupid, Gmail, Yahoo Mail, Intuit/TurboTax, LastPass and SoundCloud. It should be safe to go ahead and change your password at these sites.

For others, it may be safer to wait for now.

How do you know when to change your passwords? Before you panic, here are a few ways you can find out whether or not you need to change passwords for a certain site.

1) Wait for the go-ahead: Most services will send you a notification to either alert you to their breach or to let you know that their servers have already been patched. In the latter case, you should go ahead and change passwords.

2) Check with this site built by developer Filippo Valsorda: You can enter the URL of a site and see if its server is patched up.

3) If you use Chrome as your browser, download this extension: It will let you know if the site you are browsing is affected by Heartbleed. It's an adaptation of Valsorda's site.

4) If you use the password management service LastPass, you can use its Security Check scan to see which of your saved sites are vulnerable and which passwords you need to change immediately.


Image Credit: LastPass

LastPass also has its own tool to check whether other sites are vulnerable to Heartbleed.

How likely are you to make Mic your go-to news source?

Eileen Shim

Eileen is a writer living in New York. She studied comparative literature and international studies at Yale University, and enjoys writing about the intersection of culture and politics.

MORE FROM

Meet the Girl Scouts that will earn badges for being cybersecurity experts

They'll soon get badges for coding, cryptography and more.

How to use the Snapchat Map while everyone else continues to be confused about it

Everything you need to know about the new feature.

Planet 10? Scientists may have discovered a hidden planet in our solar system

There could be a ninth — or even 10th — planet hiding out in our solar system.

Scientists created a robot that will iron your clothes for you

Shut up and take my money.

Moth eyes have inspired the touchscreen of the future

It's going to change the anti-reflection game.

Twitter was flagging tweets including the word "queer" as potentially "offensive content"

Why Twitter put the word "queer" in the same category as violent, sexual imagery.

Meet the Girl Scouts that will earn badges for being cybersecurity experts

They'll soon get badges for coding, cryptography and more.

How to use the Snapchat Map while everyone else continues to be confused about it

Everything you need to know about the new feature.

Planet 10? Scientists may have discovered a hidden planet in our solar system

There could be a ninth — or even 10th — planet hiding out in our solar system.

Scientists created a robot that will iron your clothes for you

Shut up and take my money.

Moth eyes have inspired the touchscreen of the future

It's going to change the anti-reflection game.

Twitter was flagging tweets including the word "queer" as potentially "offensive content"

Why Twitter put the word "queer" in the same category as violent, sexual imagery.