Password security – Heartbleed bug

Brilliant Geeks | Posted on April 12, 2014 |

Bad news.

A major vulnerability, known as “Heartbleed,” has been disclosed for the technology that powers encryption across the majority of the internet.

This means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.

This might be a good time to change your passwords everywhere—especially your high-security services like email, file storage, and banking, which may have been compromised by this bug.

We hope the following information is helpful and if you are still in need of help you can contact us for a consulting session.

What to do next:

There is really no simple way to prevent your accounts from being affected by future bugs or security breaches but for this specific but here are some of the options to see if the web services you have accounts with are affected by the bug.

Manual check: You can check your websites manually using the tool offered by LastPass https://lastpass.com/heartbleed/

Automatically: -> Sign up for a Free LastPass account <-

Manage all your passwords from one location. Please create a super-strong password when signing up for LastPass as this is your master-key to all your passwords. Watch the video below on how to set up LastPass.

After signing up for LastPass and using it to input your passwords you can then run their security check which will tell you what sites you are member of are vulnerable.
If you already have a LastPass account you can read this link on how to run the Security Check.
http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html

Below is a partial list of passwords you should change based on the Heartbleed bug fixes.

Change these passwords now (they were patched)
Airbnb
Google, YouTube and Gmail
Facebook, Instagram
Yahoo, Yahoo Mail, Tumblr, Flickr
OKCupid
Pinterest
Wikipedia
Etsy
GoDaddy
Netflix
USAA
DropBox
EventBrite
FatWallet
Reverbnation
Economist
FitBit
CreditKarma

Don’t worry about these (but change them if you used the same passwords as on the websites above)
Amazon
Apple, iCloud and iTunes
AOL and Mapquest
Bank of America
BECU
Capital One bank
Charles Schwab
Chase bank
Citibank
E*Trade
Evernote
Fidelity
Healthcare.gov
HSBC bank
Hulu
LastPass
LinkedIn
Microsoft, Hotmail and Outlook
PayPal
PNC bank
Scottrade
Target
TD Ameritrade
Twitter
U.S. Bank
Vanguard
Walmart
Wells Fargo

Sources:
http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/index.html
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/