Heartbleed – What passwords are at risk?
As most people connected to the net will have heard there was a major encryption flaw discovered during the week that affects a number of high profile sites. While the extent of the damage is unknown the list below is the of common sites and whether you need to change you password. Bear in mind that if one of these sites says Change Password and you use the same password on other sites (bad idea to start with!) then you need to change the passwords on the other sites too, even if they don’t require it (hence the bad idea statement above).
Full Details on the vulnerability are still unfolding however the gist of the matter is that information sent over the web encrypted (the https prefix or ‘lock’ icon you were taught to look for on a secure site) was vulnerable to interception on OpenSSL sites. This means potentially usernames, passwords, and even credit card numbers. That said it is still unclear who was aware of the bug and if it was utilised on any of the affected sites. At the end of the day, it’s better to be safe than sorry.
Any companies I’ve left off that you might be looking for just stick them in the comments below and I’ll try get the details.
|Site (a-z)||Impacted?||Change Password?|
|Amazon Web Services||Yes||Yes|
|Bank Of Ireland||No||No|
Last updated 23rd April 2014