
Heartbleed: five steps to protect your accounts

Fabrizio Ferri-Benedetti


For years, your data could have been compromised without your knowledge. The cause? The Heartbleed bug, an internet bug which exposed user information on roughly 66% of the web. But before you panic, you can follow five simple steps to protect yourself.

The padlock that shows up in the address bar of your browser tells you that the connection is secure: the information traveling between your PC and the website is encrypted, and nobody else can access it. In addition to the padlock, you should be able to see that the address starts with HTTPS, the ‘S’ standing for ‘secure’. It’s a spy-proof tunnel that nobody can break with conventional methods.

Even the most powerful of programs can be vulnerable, and your browser’s padlock isn’t always immune to failures. The bug that was discovered this week, Heartbleed, is one of these failures, and a very scary one: it lets anyone trick the padlock and read all the information you’re sending. Hackers don’t even need to eavesdrop from the server: all they need to do is ask a special “question”.

An estimated 17.5% of the sites that use HTTPS are vulnerable, although that doesn’t mean that they’re unsafe or have already been affected. The good news is that the fault is being fixed everywhere. OpenSSL, which is the defective “padlock”, is being updated to the 1.0.1g version, which is safe. Unfortunately, the damage is done, and we can’t know for sure if passwords have been stolen.
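For administrators rather than account holders, here is an added example (not part of the original article) that classifies `openssl version` output against the 1.0.1g fix mentioned above. The affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) is taken from the public CVE-2014-0160 advisory, not from this page, and the host names and banners are constructed.

```python
import re

# Assumption (public CVE-2014-0160 advisory data, not stated on this page):
# affected releases are 1.0.1 through 1.0.1f and 1.0.2-beta / 1.0.2-beta1.
# The page itself only names 1.0.1g as the fixed version.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?:-(beta\d*))?", re.I)


def parse_openssl_version(text):
    """Extract ((major, minor, fix), letter, prerelease) from `openssl version` output."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version in {text!r}")
    nums = tuple(int(m.group(i)) for i in (1, 2, 3))
    return nums, m.group(4).lower(), (m.group(5) or "").lower()


def heartbleed_status(text):
    """Return 'affected', 'fixed' or 'not-affected' for one version string."""
    nums, letter, pre = parse_openssl_version(text)
    if nums == (1, 0, 1):
        # Patch letters sort alphabetically; plain 1.0.1 has the empty letter "".
        return "affected" if letter < "g" else "fixed"
    if nums == (1, 0, 2) and pre in ("beta", "beta1"):
        return "affected"
    return "not-affected"


def audit(inventory):
    """Map host -> status; unparseable banners are flagged, not silently skipped."""
    report = {}
    for host, banner in inventory.items():
        try:
            report[host] = heartbleed_status(banner)
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed inventory: hypothetical host names with `openssl version` output.
SAMPLE = {
    "web1": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web2": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy": "OpenSSL 0.9.8y 5 Feb 2013",
    "lab": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "broken": "command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A version string alone can overstate exposure: some distributions backported the fix without changing the upstream version number, so an "affected" result should be confirmed against the vendor's package changelog.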

The best idea is to start protecting your accounts now by following the steps below.

Five steps to stay safe

Changing all passwords immediately isn’t the solution, because if the site you’re using is still vulnerable, the new password will protect you just as much as the one you had before, which is basically not at all. First, you should immediately check if the sites you use are vulnerable, using the Heartbleed Test.

  1. Log out from all the sites and apps you’re using. The aim is to stop browsing or using services that are potentially affected.
  2. Check the status of every website you use with Heartbleed Test, which is a free online tool.
  3. If it’s green, go ahead and change your password to one that is unique and strong.
  4. If it’s not green, wait. Repeat the test until you get the green light.
  5. If you receive emails inviting you to change your password, do it, but make sure it’s not an email scam; some hackers could take advantage of the situation and steal your password.

Change your password only if the result of the Heartbleed Test is green (secure)

If you do change your passwords, never use the same one, or even old ones: if you do and one of your accounts falls, the rest will follow. Also consider using a password manager like LastPass; it even tells you whether passwords can be changed or whether it’s better to wait.

LastPass not only manages your passwords, it also tells you when it’s best to change them

Two safety tips for the future

Enable two-step verification. It sends an additional code to your phone when you access a website for the first time, and prevents access to your account, even if someone has your password. You can do this for Google, Microsoft, Facebook, Dropbox, WordPress and many other services.

It’s also recommended to close all the accounts you don’t use anymore, because some sites might not be updated and would remain vulnerable. Having fewer accounts is a healthy preventive measure to stop hackers from stealing data from your main account.

The Internet will now be a safer place

There is a positive lesson we can learn from this incident: despite the severity of the failure, its discovery and solution have strengthened the security of the websites and applications we use every day. It has also raised awareness of the need for more secure identification systems.

Two-step verification and a good password manager are the best place to start improving the security of your data. If you want to take things one step further, you can even try using encryption technologies and hiding your data to make sure that these kinds of security issues will be even less likely to affect you.
