
Do You Know Which Passwords To Change After Heartbleed?

You will no doubt have read or heard an awful lot about the ‘Heartbleed’ security vulnerability affecting a huge number of websites and online services, and you will also have been told to change a lot of your passwords. The problem with doing that right now is that if the services themselves haven’t addressed the OpenSSL issue on their end, your new passwords would be just as at risk as your old passwords.

So the bad news is that you’ll probably have to change your passwords in stages, as each of the services you use gets around to fixing the issue. Thankfully, a lot of these sites and services have been notifying their users when they’ve rectified the issue, giving them the all clear to go ahead and change their login information. There are also ways to test a site to see if it has been fixed or is still vulnerable, and our developers have been running checks on some of the more commonly used sites and services this morning.

So we’ve got two lists of sites here:

Fixed – these are now safe and you should change these passwords now
Unaffected – these won’t have been affected by the OpenSSL issue. However, if you use the same or similar login credentials to a site that may have been exploited, we’d advise that you change these passwords too.

Fixed (change passwords now):

Adwords
Amazon
BT
Dropbox
ebay.com
econsultancy
Facebook
Gmail
Google+
Instagram
Netbanx
New Relic
PayPal
Play.com
Pocket
Sagepay
Stackexchange
Trello
Unfuddle
YouTube

Unaffected (only change if same/similar details used on a site above):

Adobe CC
Digicert.com
Eurostar
Evernote
Feedly
Freemarket FX
Godatafeed.com
Halifax
Hootsuite
Hotmail/Outlook.com
Innovateuk.org
Invision
LinkedIn
Mailchimp
Moo.com
Names.co
Natwest
Pivotal Tracker
Rapidswitch
Thawte
Twitter
Unbounce
Windows Azure

These lists are by no means exhaustive, but merely some of the more commonly used sites/services, some of which we use here at SocialSafe and had reason to check on today. Obviously if a site or service not appearing on our ‘Fixed’ list subsequently declares that they have fixed the issue, then take their word over ours!

We sincerely hope that none of you are adversely affected by the Heartbleed vulnerability and that you manage to change your passwords with minimal hassle. Please pass this blog post on to friends, family, co-workers and clients, and help spread the word.

– the SocialSafe team

1 comment

  1. Thanks for the list. But don’t Gmail, Google+, and YouTube all use the same account database? You only have to change one of those and they all change.
