The bug was patched over a month ago, but half of the websites that were first identified with Heartbleed have still not patched this bug.
The Heartbleed bug allows a hacker to break into secure communications on websites. This means that if you log into a website that is not protected from this bug, your account details are not secure and can be stolen.
This "https" and padlock symbol usually means that the website you are logging into is safe, but the heartbleed bug causes this secure connection to be hijacked by hackers and find out your accounts details. Just because this icon means it is not secure because of the Hearbleed bug, to find out if it is safe use this link and enter the web address, it will tell you if the website has applied the patch.
Because of the amount of websites that this flaw effects, it is hard for websites to contact each of their members individually. They are also not under any obligation to tell users if they are protected against this flaw or not.
Will I be safe if I change my password?
It is recommended that you change your passwords only when the websites have protected themselves against this bug. This is because if you change your password before they are protected, then the hackers will still have access to your new password. Only change your password once the site has told you that they are safe.
Amazon.com, Twitter and PayPal were never affected by this bug. Facebook, Instagram and Netflix have all recommended that you change your passwords for their websites as they were affected by this bug but immediately patched it.
Learn more about how our IT experts can protect your business.