Heartbleed – What passwords are at risk?

Heartbleed – What passwords are at risk?

As most people connected to the net will have heard there was a major encryption flaw discovered during the week that affects a number of high profile sites. While the extent of the damage is unknown the list below is the of common sites and whether you need to change you password. Bear in mind that if one of these sites says Change Password and you use the same password on other sites (bad idea to start with!) then you need to change the passwords on the other sites too, even if they don’t require it (hence the bad idea statement above).

Full Details on the vulnerability are still unfolding however the gist of the matter is that information sent over the web encrypted (the https prefix or ‘lock’ icon you were taught to look for on a secure site) was vulnerable to interception on OpenSSL sites. This means potentially usernames, passwords, and even credit card numbers. That said it is still unclear who was aware of the bug and if it was utilised on any of the affected sites. At the end of the day, it’s better to be safe than sorry.

Any companies I’ve left off that you might be looking for just stick them in the comments below and I’ll try get the details.

Site (a-z) Impacted? Change Password?
1Password No No
Amazon No No
Amazon Web Services Yes Yes
Apple No No
Bank Of Ireland No No
Barclays No No
Box Yes Yes
Danske Bank No No
Dashlane Yes No
Dropbox Yes Yes
Ebay No No
Etsy Yes Yes
Evernote No No
Facebook Unknown Yes
Flickr Yes Yes
GitHub Yes Yes
Gmail Yes Yes
GoDaddy Yes Yes
Google Yes Yes
Groupon No No
Hotmail No No
Hulu No No
Instagram Yes Yes
LastPass Yes No
LinkedIn No No
Microsoft No No
Minecraft Yes Yes
Netflix Yes Yes
outlook.com No No
PayPal No No
Pinterest Yes Yes
RealVNC No No
Revenue.ie No No
SoundCloud Yes Yes
Tumblr Yes Yes
Twitter No No
Wikipedia Yes Yes
WordPress Unknown Unknown
Wunderlist Yes Yes
Yahoo Yes Yes
Yahoo Mail Yes Yes
YouTube Yes Yes

 Last updated 23rd April 2014

Leave a Reply

Your email address will not be published. Required fields are marked *