Search icon


10th Apr 2014

What’s Heartbleed? Here’s Everything You Need To Know About The Online Security Threat

Protect yourself.

Over the last few days, there has been a global online security crisis after it emerged that an encryption flaw called Heartbleed could have compromised passwords and other sensitive information.

Here’s a rundown of what you need to know.

What is Heartbleed?

Heartbleed is a flaw that has been recently discovered and impacts on network software called OpenSSL, an open-source set of libraries for encrypting online services. Secure websites with “https” in the URL make up 56 per cent of websites and nearly half of those sites were vulnerable to the bug. While it had been thought that information held by these websites was safe and secure, researchers have now found that the Heartbleed bug could be used to make network requests and piece together data such as passwords or credit card details.

What difference does it make to me? 

If you used one of the affected sites in the last two years, your information could have been available to prospective hackers. Theoretically, people could exploit Heartbleed to eavesdrop on your communications, steal data directly from the companies and users and impersonate services and users.

What sites are affected?

Some of the most popular social networking and online shopping sites could have been affected, including Facebook, Twitter, Google and Amazon. Security company Last Pass has set up a site that allows users to enter a URL and check if the site has been compromised, which you can access here.

What can I do?

The first responsibility lies with the companies that own the affected sites, as they have to implement a fix or ‘patch’ to remove the security threat. Once they’ve done this, users are advised to change all their passwords in case their information has been compromised. To be on the safe side, create a new password and don’t use the same combination on several of your accounts.

How will I know if the site has been fixed?

Many of the leading tech websites are doing constant updates on the situation so keep an eye on these for the latest developments. Mashable currently has a Heartbleed Hitlist, which gives a good indication of where the major sites are at.

Photo via Business Insider