The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library, which has seriously disrupted the online community. And, the bug has apparently affected Google Inc. (NASDAQ:GOOG) the most. The bug essentially allows anyone on the internet to read the data of the systems, protected by the vulnerable versions of the open SSL software. This compromises the secret keys used to identify the service providers, allowing hackers to eavesdrop on communications and steal data directly from the services.
Social Media websites have been the worst affected, while Business websites like Amazon Web services are urgently releasing patches to fix the bug. Conflicting report have caused confusion and panic, as nobody is clear about how many websites are affected, or whether the servers for other popular websites have been patched. The bug leaves no traces of abnormal activity, so it is difficult to establish exactly how many people have been affected.
Here is an infographic to clear the confusion about which passwords to change, which websites have been affected and whether the servers have been patched.
- At least 500,000 servers have been affected, which are used by many of the popular websites including Yahoo, Tumblr, Flickr and more.
- 55 million Android smartphones are at risk, which is a small fraction of the one billion devices powered by Android. Apple’s servers were not affected, since open SSL was not implemented.
- Facebook, Tumblr, Youtube, Blogger, Google and G-mail are just a few of the websites, where changing password immediately is recommended.
- If confirmation appears from a website that bug has been fixed, change the passwords of sensitive accounts, especially banks and e-mails.
- Contact companies and websites that have your data, especially smaller ones, to check what steps are being taken to fix the bug and protect your data.
- Check to see if a website has been affected with this tester https://filippo.io/Heartbleed/.