By Samuel Willis
What is Heartbleed?
You see, Heartbleed is a bug in OpenSSL, which is the most popular security implementation used to encrypt data on the internet. This bug allows a hacker to read information that was meant to be secure in an utterly untraceable way. In other words, a hacker can enter into a site through the heartbleed bug and gather crucial information about its users, such as usernames, passwords, and other data. The makers of Heartbleed.com attempted an attack on themselves through Heartbleed, and this is the information that they reported being capable of receiving.
“We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.”
Is there a fix for this?
In short, yes.
In detail, it really depends on the website. A fixed version of OpenSSL has been released but websites have to update their systems before it can take effect. Of course, the largest companies have already implemented emergency patches as of now, but not everyone has updated yet. For example, there are still millions of apps in the app store that are affected by Heartbleed.
How does this affect me?
During the time before Heartbleed was fixed, many essential websites were left wide open to numerous hacking attempts. These essential websites include even the most well-known sites, such as Facebook, Instagram, Google*, WordPress (the site that we are hosting on right now), and even Healthcare.gov*. Due to the untraceable hacking, many users (such as you) will have lost their private information. This private information includes not only usernames and passwords, but also the content of online conversations and business critical information. This information allows hackers to steal your identity and access to whatever may be available on that account. If you use the same password across multiple accounts (as many do), then all of those accounts are now endangered as well!
What do I do about this?
Chances are you have an account on at least one of the affected websites, and you should absolutely change your password for them as soon as possible so as to prevent further damage. In addition, if you use the same password across multiple accounts, then change the password on those sites as well.
For a full list of affected websites, visit here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
If the website that you are looking for is not on there, then plug in the website name here: https://lastpass.com/heartbleed/
*Both Google and Healthcare.gov have denied losing private information from Heartbleed – but Google has admitted being affected by it in the past and Healthcare.gov advises resetting passwords for the sake of “an abundance of caution.” Regardless of what the site says, it is better to be safe than sorry.