You will no doubt have read or heard an awful lot about the ‘Heartbleed’ security vulnerability affecting a huge number of websites and online services, and you will also have been told to change a lot of your passwords. The problem with doing that right now is that if the services themselves haven’t addressed the OpenSSL issue at their end, then your new passwords would be just as much at risk as your old passwords.
So the bad news is that you’ll probably have to change your passwords in stages, as each of the services you use gets around to fixing the issue. Thankfully a lot of these sites and services have been notifying their users when they’ve rectified the issue, giving them the all clear to go ahead and change their login information. There are also ways to test a site to see if it has been fixed or is still vulnerable, and our developers have been running checks on some of the more commonly used sites and services this morning.
So we’ve got two lists of sites here:
Fixed – these are now safe and you should change these passwords now
Unaffected – these won’t have been affected by the OpenSSL issue. However, if you use the same or similar login credentials to a site that may have been exploited, we’d advise that you change these passwords too.
Fixed (change passwords now):
Unaffected (only change if same/similar details used on a site above):
These lists are by no means exhaustive, but merely some of the more commonly used sites/services, some of which we use here at SocialSafe and had reason to check on today. Obviously if a site or service not appearing on our ‘Fixed’ list subsequently declares that they have fixed the issue, then take their word over ours!
We sincerely hope that none of you are adversely affected by the Heartbleed vulnerability and that you manage to change your passwords with minimal hassle. Please pass this blog post on to friends, family, co-workers and clients, and help spread the word.
– the SocialSafe team