Security experts have identified a digital bug that is sweeping across the Internet, infecting as many as 60% of websites. Some say it’s the biggest security threat the Internet has ever seen.
The Heartbleed bug affects websites that use OpenSSL software. This includes any website with “https” in the URL (the “s” being the important identifier). Heartbleed gives cybercriminals access to personal information, including passwords, credit card numbers, and email accounts. Gmail, Yahoo, and Facebook are some of the major websites infected by the bug.
What does this mean for me?
The good news is that there is already a fix.
You may have heard that the Canada Revenue Agency has shut down public access to their online services. They say the shutdown is only precautionary and that things should be up and running over the weekend.
“We are currently implementing a solution, or “patch”, for the bug, and are vigorously testing all systems to ensure they will be safe and secure once the site is re-launched,” says the CRA.
The shutdown is a good thing. It means they are taking advantage of the fix to maintain the protection of our sensitive data.
What Do I Need to Do?
“Be vigilant, and wait for updates,” says a tech expert from the Globe and Mail. You need to change your password after a site has been fixed with the security patch. Doing so too soon means the new password will still be vulnerable to hackers.
Mashable has put together a list of some of the most popular social, email, and commerce sites affected by the bug, and lets you know whether it’s time to change your password. You should change your passwords on the following sites immediately:
- Google, Gmail
- Yahoo, Yahoo mail
Canadian banks, airlines, and major online retailers like Amazon.ca and Wal-Mart have confirmed that they were not affected by Heartbleed.
Mashable promises to update their list as information is made available. Check back to see if it’s time to change your password.
Password Setting Tips
A few tips to consider when resetting your passwords:
- Diversify. Try not to use the same password for all of your online accounts. At the very least, use different passwords for accounts that save credit card information.
- Use long, complicated passwords. Include numbers, upper and lower case letters, and punctuation.
- Change your passwords regularly.