Password leaks and targeted attacks are nothing new, and the latest security bug linked to a massive loss of passwords across the world is ‘Heartbleed’. This bug has received a lot of media coverage over the last few days, and there is a lot of confusion about what it is and what one needs to do to fix the issue.
This blog post aims to help you better understand what Heartbleed really is and what you need to do in order to secure your presence online. Heartbleed has affected about 17% (close to 500,000) of the web servers across the world, so there is a high chance that you are affected by this too. With that in mind, here’s what you need to know now.
Fact # 1: What exactly is Heartbleed?
Heartbleed is a security bug that affects servers that use OpenSSL, a widely used open-source implementation of SSL (Secure Sockets Layer) technology. When you log in to your email account, or make a financial transaction online, the connection to the server that hosts this activity is protected by SSL, which is indicated by the padlock symbol near the address bar and by “HTTPS” at the start of the URL.
Heartbleed is a bug that afflicts this very protective measure and exposes information that SSL attempts to protect. What this means then, is that sensitive information like passwords, credit/debit card details and more are susceptible to this bug and can be stolen.
It also means that there is nothing wrong with your PC or your antivirus software. This is an issue that needs to be dealt with by the people who run the websites that make use of SSL. Moreover, if you are surfing the Internet you will not be able to tell if a service you are using is affected by Heartbleed or not.
Fact # 2: Which websites and online services are affected?
While most of the sites that have been affected have taken corrective steps already, there are bound to be many more which are still working on it. If you use some of the following services then there is a high chance that your password and details may have been leaked.
Gmail
Amazon
SoundCloud
Yahoo Mail
Flickr
YouTube
Minecraft
Wikipedia
Tumblr
GoDaddy
Netflix
Dropbox
As you can see, the list is huge. There are several more services that have been affected, so the potential damage here is substantial.
This online tool can also help you ascertain whether a particular URL is afflicted or not. If you carry out online banking transactions, then we highly recommend that you change your account passwords. Also, check this tool to see if your bank’s online portal is affected by Heartbleed or not.
Fact # 3: What do you need to do?
While there is nothing specific that you can do to combat Heartbleed, one major precaution you should take is to change ALL your online passwords right away. This will ensure that if any of the services you use have been afflicted by Heartbleed, then at least your passwords will be safe. Apart from this, stay alert about any unusual activity on your accounts. If you feel something is out of the ordinary, take the necessary corrective steps as soon as possible. Moreover, spread the word about Heartbleed and inform your friends and family members as well.
WARNING: Be on the lookout for fake password reset emails
With so many password changes taking place at the same time all over the world, this is bound to lead to several phishing emails about password resets. Be on the lookout for such emails and stay away from fake emails that ask you to change your passwords. Read here for some tips on how to recognize fake phishing emails.
Quick Heal will keep you updated about any further developments and news regarding Heartbleed, so keep checking back for more information.
nice…
Dear sir,
Thanks for giving precious information about changing passwords. Please advise whether banking account passwords are to be changed or all the passwords including passwords for email accounts are to be changed.
Hi SPS Bindra,
It is advisable to change all the passwords – email accounts and banking accounts. It is not yet known if banking accounts are affected, so it is better to change them so as to be safe.
Thanks and regards.
Can the password be hacked during changing them as well??
If yes, what process should be followed while changing them??
Hi,
No, the passwords cannot be hacked while changing them. You can safely change them.
Thanks.
thanks for your information
Dear Mr. Rahul Thadani, It’s not advisable to change all your p/words in one setting! Crucial first, others say in 10/15 days. I change my banking p/word et al; in one setting, what guarantee that my bank’s server is not infected? In the event my machine is infected how do I know? Quick Heal will highlight it? Delete/repair! What next? How many servers including twenty odd mentioned by you – by name – have informed its users of the re-issuance of site certificate for their upgraded servers? That it has right version of Open SSL/TLS! The bug has been around…
Hi Vinay, Thanks for your valuable insights and points. It is a coincidence that Heartbleed and Windows XP EOL came about at approximately the same time. But then again, nobody can say that for sure. However, with such a bug it is better to go through the trouble of changing passwords every once in a while, rather than risk keeping them the same and having them exposed to malicious parties. Your points about Windows platforms are true as well. Nonetheless, this is something all users and software manufacturers have to live with. Do write back with further feedback if you…
good
Thanks…
Very important and helpful information.
This is really very practical and real time warning which your esteemed institution has given its users. Will surely help. Another issue is that the financial institutions in consultation with ITES providing Anti-Virus solutions have mandatory obligation to protect their customers and clients.
Thanks & Regards,
Lt Col Sandeep Singh Bajwa.
Very rightly guided by you. Thanks. In future always guide like this.
super
Thank you Quick Heal for such an important piece of information. I hope you guys will always try to keep us safe. I am earnestly looking forward to a newer updated article.
thanks! I’ll change my passwords right away.
The information was really helpful. Keep me updated.
Good one
It’s very useful
Thanks a lot for getting us updated.
Thank You For posting this information.
It’s very useful for us.
thanks sir
Thanks for information
Useful
Thank you for precious information.
Thanks for the info.
Is mobile browsing at the same risk level as Laptop/PC browsing?
Hi NV,
Yes, mobile browsing carries the same risks as laptop/PC browsing. Heartbleed is a bug with regards to the SSL security that websites use. So irrespective of where you access the site from, the risks are the same.
Hope that helps.
I have found some “heartbleed” folder in my windows 7 and deleted that. I have not marked exact location though. I am not confirmed that it was vulnerable or good. I have just deleted that folder. Please check your system folders carefully.
Thank you for this precious information
It’s really helpful attention… thanks a lot…
Thanks for the useful information.
Thanks for the timely useful info, will change the passwords asap.
Is it safe with Quickheal ? Does Quickheal support the safety of my PC from this virus?
Hi,
As mentioned, Heartbleed cannot be controlled from your PC’s side. The host server needs to ensure that their data is secure by plugging this security bug.
Thanks.
Thank You For This Precious Information.
thanks
Suppose we change our bank a/c password, is it not possible that the new password also gets stolen? Then what is safety?
Hi Hasmukhrai,
There is no ideal frequency for changing passwords. It all depends on how many different devices you access your accounts from and what their security levels are like. Online banking account passwords usually need a change once in 6 months, but for other accounts it is quite safe to continue using the same password, as long as it is a good one.
Thanks.
Sir, please tell how we can be safe by changing our password, because there is a chance it may be leaked again… and to change the password always is impossible… so give a proper measure to overcome this problem…
Hi Amit,
Unfortunately, when such leaks happen, it becomes necessary to change passwords. So all we can do as users of such services, is to change passwords when these leaks occur.
Regards.
Thanks Quick Heal for this information.
Thanks
Congratulations Quick Heal, really you have given very, very useful information. Thanks for your support.
Thanks a lot for this important information.
thanks a lot
Thank you for Information
Thanks
People use their intelligence wrong way
Wish this intelligent people use their knowledge in a better way
God guide them on right track
Thanks, keep informing me about the latest news on this topic.
Please tell me the frequency for changing the password/s because it is really difficult to memorise every changed password. My netbanker has stipulated changing password every six months (SBI NET, protected with VeriSign). Also keep advising about the latest info. Thanks.
Hi Ravindra,
There is no ideal frequency for changing passwords. It all depends on how many different devices you access your accounts from and what their security levels are like. Online banking account passwords usually need a change once in 6 months, but for other accounts it is quite safe to continue using the same password, as long as it is a good one.
Thanks.
If I change the password now while the site is still affected, is it not possible that the bug would steal the new password too?
Hi Anup,
Ever since Heartbleed has been exposed in the public domain, all the major sites have been working to rectify the issue. With the amount of time that has now passed, it is safe to assume that most sites would have fixed this. If not, it would severely hurt their consumer base and their credibility. So, you can safely change your passwords now.
Thanks.
Grateful to the QHT that had given this vital information and thanks to their R&D team who have taken pains to diagnose this virus… with regards
Hi,
Please guide about the online tool… you have given a link to in your article…
It shows some other website…
Regards
Hi Hema,
It is fine to use this tool to check for Heartbleed.
Thanks.
Thank You For Your Precious Advice. Is There Any Software Which Can Protect Our PCs Against Heartbleed?
Hi Harshit,
There is no need for a software to protect your PC from Heartbleed. This is a security loophole in the host server so it is out of your PC’s domain.
Thanks.
good
very good useful information
Hats off for such a superb information. Keep it up!!!
thanks
sir
I m using Xperia C, it refuses to respond and screen goes black, ring comes and I m able to receive call only with idea what may b the reason.
Thanks
Hi Sachin,
To solve your issue, you are requested to call our support center on 0-927-22-33-000. Or visit this link to submit a ticket – https://www.quickheal.com/submitticket.asp. Our support team will help you rectify this issue immediately.
Thanks.
Is it necessary to change the 3D security number of credit card ?
Hi Sukomal,
Can you please elaborate on the question? Are you talking about the 3-digit security PIN at the back of the credit card? This number cannot be changed as it is unique for your credit card number. Moreover, it does not need to be changed as well.
Thanks.
Dear Rahul,
How do we know which website has been inflicted by Heartbleed?
Best
Anupam
Dear Anupam,
The link that is provided in the blog post allows you to check if a website has been affected or not.
Thanks.
good awareness/knowledge
but can you tell me all these host’s Database are 100% Infected or not and how can this bug work :-
Facebook,Gmail,Amazon,SoundCloud,Instagram,Yahoo Mail,Flickr,YouTube,Pinterest,Google,Minecraft,Wikipedia,Tumblr,GoDaddy,Netflix,Dropbox
Dear Hari Prasad,
Most of these hosts would have resolved the issue of Heartbleed by now, as their market value and credibility depends on that. This bug opens up the servers of these hosts and potentially exposes passwords that are stored on them.
Regards.
If the services are affected we are not able to detect the bug. In such situation, how much is it safe to reset the passwords of affected services ?
Hi Dr. Bipin,
Ever since Heartbleed has been exposed in the public domain, all the major sites have been working to rectify the issue. With the amount of time that has now passed, it is safe to assume that most sites would have fixed this. If not, it would severely hurt their consumer base and their credibility. So, you can safely change your passwords now.
Thanks.
is there any app to protect from Heartbleed for my phone
Hi Prashant,
What OS and version do you have on your phone? As of now, only Android 4.1.1 seems to be vulnerable.
Thanks and regards.
4.2.2 android