What is the Heartbleed bug?
This major software bug potentially puts tens of millions of consumers’ credit card, banking, email, social media and other online passwords and usernames at risk of hacking. This is potentially many times bigger than the recent hacking of Target shoppers’ credit and debit card information.
How it works
Widely used software used to encrypt (secure) Web communications is vulnerable and can be hacked to reveal sensitive data on servers’ memory, including the secret digital keys that would allow hackers to impersonate you or servers and steal your information.
You’re at high risk until your online provider, bank or social media provider fixes the bug, which is linked to the popular OpenSSL cryptographic software. An estimated two-thirds of Web servers use this encryption method.
What consumers can do immediately
1. Come up with new passwords—but maybe don’t change them right away. Make sure a website has fixed the flaw, or else your new password could be compromised as well and you’re no safer than before. Contact your online provider and bank and monitor the news and social media to see whether the websites you use have fixed the bug. You can also run a “Heartbleed test” at http://filippo.io/Heartbleed to see if a site is now safe.
2. Make sure you’re not using the same password among many different accounts. Your passwords should be long and complex, and should be unique to each website you frequent.
3. Keep an eye on your banking accounts, social media, other online accounts and credit report, and look out for any suspicious activity. If you see anything out of the ordinary, report it ASAP.
4. Continue to check your credit report three times a year. You can access your credit reports from each of the three major credit reporting bureaus — Equifax, Experian and TransUnion — for free each year at AnnualCreditReport.com. By requesting one report at a time every few months, you can space out your free access over the whole year.