Security researchers can all come to an agreement on one thing- the Heartbleed bug could be one of the biggest security threats the Internet has ever seen. The bug has affected many well-known websites and services including Instagram, Google and Yahoo, and if you have logged into any of such websites over the last two years, your account security could be compromised, enabling hackers to steal your passwords, or snap-up your credit card information.
So in this present scenario, what should you actually do to protect yourself? Do you need to change your passwords? Or do something else? Read on to find out.
Is There a Need to Change Password?
Before you change your password to protect yourself from the Heartbleed bug, consider two things- was the website you have an account on affected by the bug? If yes, has that website updated its server to a new version of OpenSSL, and updated its security (encryption) certificates? If the website did not use a vulnerable version of OpenSSL, there is no need to change your password.
However, if the website was vulnerable to the bug, and has updated its servers with a security patch to fix the issue, this means you need to change your passwords immediately. In case, the website has not yet installed new security certificates, you must wait before you change your password as then your password could still be obtained by hackers.
But, note that is no guarantee whether your information was already compromised or not as there is no indication that hackers knew about the exploit before this week. The Internet companies are suggesting users to change their passwords as a precautionary measure.
Also, if you have the same password for multiple accounts on multiple websites, and one of those sites was vulnerable, you are required to change the password on every account.
Furthermore, make sure that you keep an eye on your all sensitive online accounts, such as banking and email, for any suspicious activity for a few days.
Source:Â http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/