One of the biggest security threats the Internet has ever seen hit early this week in the form on the Heartbleed bug, an encryption flaw that has exposed private data on millions of websites, including Yahoo, Airbnb, OKCupid, and Tumblr.
Because the bug affects roughly two-thirds of the entire Web, you’ve almost certainly been hit in one way or another. The brunt of the recovery responsibility is now on Internet companies and websites that must update their software and otherwise deal with Heartbleed. However, there are numerous ways you can protect yourself. Here's what you need to do until the heartbleeding has stopped.
Don’t login to websites until they’ve fully fixed the problem.
Websites still vulnerable to Heartbleed can potentially give away your username, password, and much more. A number of websites, like this one and this one, will tell you if the websites you frequent are unsafe. Steer clear of any sites that are listed as potentially vulnerable—your passwords and everything you do on the site can still be stolen.
Once a website is updated and safe, change your passwords.
Banks and email accounts contain extremely sensitive information that, thanks to this bug, could be snatched by attackers. That’s not all: Dating sites, social media, forums, and more can be affected. When a website is deemed safe, as described above, you should login and change your passwords for your own safety.
Even if your email password wasn’t directly breached, remember that many people use the same password for various accounts. If one account was breached, all other accounts that have the same (or similar) passwords become vulnerable. It’s a bit of a pain, sure, but changing your password now is something that can save you a lot more trouble down the road.
Watch your financial statements and email logins over the near future.
Heartbleed is not new. It was discovered by the public recently, but the vulnerability is at least 2-years-old. Pay close attention to financial statements and email account activity over the next days and weeks to see if anything strays from normal. If you want to check in on your bank or credit card accounts immediately, the safest bet is to call.
Illustration by Jason Reed