Several days ago a widespread security vulnerability was discovered which would allow hackers to steal digital keys from the servers of many websites, as well as the passwords, usernames, credit card information, and other personal data of users. The bug, dubbed “Heartbleed” after its discovery, was unearthed simultaneously by a Google researcher named Neel Mehta and a Finnish security firm called Codenomicon.
Over 17 percent of the top one million websites as ranked by Alexa.com could have been exposed to the bug according to information from Datanyze, and even certain devices running Google’s Android operating system (those on version 4.1.1) may be at risk.
With so many popular sites vulnerable to Heatbleed, many users are left wondering what they can do to protect their data and keep their personal information safe. In any circumstance like this, a common gut reaction would be to change every password one has that could have been compromised; that response is not exactly the wrong one to have, but you might actually want to hold off before resetting all your passwords.
Changing your log-in information will help a great deal in keeping your accounts safe—even if you’re fortunate enough not to have been impacted by Heartbleed, switching to a longer, more secure password is a good way to protect your data—but doing so before a website is free of this particular bug will not accomplish very much. If you were to reset your password on a website that has not yet been patched for Heartbleed it will do nothing to secure your information, as a potential hacker could still scoop up your info just as easily as before.
In order to ensure that your new password is not exposed, you should check whether a website was susceptible to this exploit in the first place, and then only alter it after that site has been confirmed to be safe. Several tools, including ones from LastPass and Qualys, can be used to check on the vulnerability status of the sites you frequent.