Heartbleed bug – what is it and am I affected?

What is the Heartbleed bug?

The issue itself is specific to an application called OpenSSL, which is used to encrypt data between a web server and a web browser. It is designed to prevent anyone ‘listening’ to your online activity and has therefore been adopted by many leading organisations, from Amazon to local web traders, as part of their security measures to protect online customers.

Last week it was identified that a security hole left in the application means sites have been potentially open to data theft (unfortunately the opposite of what should have been in place). It means that over time random data may have been collected and potentially decrypted to obtain useful information, such as passwords or bank details. Reports claim that this hole may have been there for up to two years; however, it is not clear if this is a deliberate attack, or if any malicious activity has even taken place. All we know is that there was a gap, and in many cases this has now been closed.

I’ve heard I should change my password – should I?

Before rushing to change your password, first check whether the site is still vulnerable; otherwise you could be exposing your new password as well.

You can easily check which sites have been affected, and whether they are now fixed, at LastPass – https://lastpass.com/heartbleed/