Fortunately for us and Billy Ray Cyrus, mullets have gone the way of the dodo, but the Heartbleed vulnerability is yet another reminder of how susceptible we are to data breaches and leaked information.
We’re not an IT company, and we don’t play one on TV, so we can’t get into the technical mumbo-jumbo about what happened. (If you’d like to learn more, here are a couple of technical blogs that can explain it to you: Cryptographic Engineering and existentialize.) In layman’s terms, Heartbleed is not a virus, but a mistake written into a type of code called OpenSSL, “a security standard encrypting communications between you, the user, and the servers provided by a majority of online services,” as explained by McAfee. Unfortunately, because a vast array of popular websites utilize OpenSSL, a massive number of usernames, passwords, and other sensitive information was exposed to hackers.
The obvious question, then, is: who was affected?
- Google/Gmail/YouTube/any Google service
- Yahoo/Flickr/Yahoo mail
(Note: Most banks, financial services, and government entities have NOT been affected)
So, what does that mean to the average person or business?
First and foremost, many of the passwords on your favorite websites might be compromised. But before you rush off to change all your passwords, make sure that the website has updated its code to fix the mistake. Using the LastPass Heartbleed checker, you can test a website to see if you’re still at risk.
If the website is now secure, change your password ASAP! But remember, never repeat a password on different sites, because if a hacker can crack one website, the rest of your logins are vulnerable.
Watch this quick video about creating a secure, unique, and memorable password for all your accounts…
The best practice is to change your password often. Utilizing a password manager to keep track of all those passwords can be helpful. Here’s a review of some of the password managers available.
Then find out how secure your password is: The site 'How Secure Is My Password' will test your password and tell you how long it would take a hacker to crack it.
Finally, remain vigilant. Check your financial accounts daily, especially your checking, savings, and credit card accounts.
And if you run a business, government entity, or non-profit organization, please let us know if you’d like to learn more about cyber liability insurance. Please don’t hesitate to call me directly at 410-727-2211; just ask for Nickel.
Stay safe! --Nickel