During the last few days, the Heartbleed bug has caused widespread panic concerning the safety of transmitting and storing sensitive data over the internet.
What is the Heartbleed Bug?
Heartbleed is a security flaw discovered by security firm Codenomicon and members of Google Security. It’s found in OpenSSL, which is used to protect sensitive data such as e-mails, passwords or credit card data on thousands of servers worldwide.
How does Heartbleed affect me, and what can I do to protect myself?
There is a chance that attackers exploiting the Heartbleed bug could have compromised passwords or other sensitive information on vulnerable servers. One of the best ways to protect yourself is by changing your passwords immediately. Also, make sure to pay attention to your credit cards and banking info you may have used with online services and retailers.
Below is a list of familiar online services most of us use, and if they were affected by the bug. This is NOT a list of compromised services.
| Name | Vulnerable? | Patched? | Change password? |
|---|---|---|---|
| Amazon | No | No need | Only if shared with vulnerable service |
| Amazon Web Services | Yes | Yes | Yes |
| Apple | Not clear | Not clear | Not clear |
| Barclays | No | No | Only if shared with vulnerable service |
| eBay | No | No need | Only if shared with vulnerable service |
| Evernote | No | No need | Only if shared with vulnerable service |
| Yes | Yes | Yes | |
| Google/Gmail | Yes | Yes | Yes |
| HSBC | No | No need | Only if shared with vulnerable service |
| If This Then That | Yes | Yes | Will force users to log out and ask them to update |
| No | No need | Only if shared with vulnerable service | |
| Lloyds | No | No need | No |
| Microsoft/Hotmail/Outlook | No | No need | Only if shared with vulnerable service |
| PayPal | No | No need | Only if shared with vulnerable service |
| RBS/Natwest | No | No need | Only if shared with vulnerable service |
| Santander | No | No need | Only if shared with vulnerable service |
| Tumblr | Yes | Yes | Yes |
| No | No need | Only if shared with vulnerable service | |
| Yahoo/Yahoo Mail | Yes | Yes | Yes |