According to a survey released on Wednesday by the Pew Research Internet Project, fewer than half of all American Internet users have taken any sort of steps to protect themselves against the widespread online security vulnerability created by the Heartbleed bug.
Heartbleed is a coding error inserted into the open-source encryption system, OpenSSL, used across much of the Internet. If utilized by hackers, it could result in information meant to be sent securely between users and websites to be intercepted in an unencrypted form by an attacker.
In the wake of Heartbleed’s recent discovery by researchers at Google and online security firm Codenomicon, security experts urged every Internet user to change all of their passwords because the scale of the vulnerability was so massive, and a successful Heartbleed attack is virtually undetectable.
This Pew survey, which was conducted using phone interviews with approximiately 1,500 adults in the U.S., found that only 39 percent of respondents took steps to protect their passwords and online accounts post-Heartbleed. Interestingly, only 29 percent said they believed their own personal information was put at risk by the bug—meaning 10 percent of respondents changed their passwords even though they though nothing bad might happen to them if they didn’t.
Even so, getting nearly forty percent of Americans to do anything is an impressive achievement. But it still means that most U.S. Internet users could still be vulnerable to having their identities stolen through Heartbleed. If an attacker used Hartbleed to learn someone’s username and password for a given website, they can use that information to log into that site and cause trouble. And if people use a single set of login credentials across multiple Web platforms, there’s the chance that just one unsecured password could cause their entire online identity to unravel.
The survey also noted that 60 percent of respondents had heard about Heartbleed.
While it’s hard to know how many websites were compromised by Heartbleed before the bug became public knowledge, it’s assured there were a lot of people who took advantage of it immediately afterward. Many of the larger sites fixed their Heartbleed vulnerabilities immediately, but others may have taken far longer to update to a new version of OpenSLL that’s been immunized against the bug.
Cybersecurity experts believe that up to two-thirds of the sites on the Internet were vulnerable to Heartbleed prior to its disclosure on April 7.
Earlier this month, authorities in Canada arrested a 19-year old hacker who allegedly used Heartbleed to enter into the system of the Canadian Revenue Agency and access the personal information of over 900 Canadian citizens. This hack came after news of Heartbleed started circulating, and it is unlikely to be an isolated case.
Nevertheless, most Americans reported feeling relatively comfortable with their electronic data. The survey found that 69 percent of respondents said they felt either ‟very secure” or ‟somewhat secure” about the security of their personal information online.
Photo by Berishafjolla/Wikimedia Commons (CC BY-SA 3.0)