A web encryption flaw known as the ‘Heartbleed Bug’ made headlines this week, partly because it remained undiscovered for more than two years, but also because hackers could carry out an attack without leaving any trace.

‘Heartbleed’ is thought  to be one of the most serious security flaws ever found, and it’s estimated that around two-thirds of the world’s web servers run the software that contains the flaw, known as OpenSSL. This meant that until a security patch was installed they were vulnerable to attack .

The flaw meant that hackers could steal passwords, credit card details, encryption keys and other sensitive data.

Experts advised that people should change their login passwords, but only when there were sure a potentially affected website had updated it’s software. That’s because if a users changes their password while a site is still vulnerable, the new password will also be exposed to hackers.

The link, below, has a list of the most popular social media, search, email, banking and retail sites, with the latest information (10th April 2014) on whether or not the Heartbleed Bug flaw has been fixed:

Heartbleed: passwords that should be changed



Share This