The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This vulnerability means that a third party could potentially intercept information protected, under normal conditions, by SSL encryption; things like user passwords, account information and credit card details.
Only servers running one of the versions of OpenSSL released in the past year are affected by this bug. Unfortunately that includes most Internet servers, which means everyone is potentially affected, and the best way to protect yourself is to change all of your passwords.
What sites are impacted by Heartbleed?
As many as two-thirds of all websites may be using OpenSSL. Many of these sites are vulnerable to the Heartbleed encryption bug. Mashable has compiled an extensive list of some of the sites affected, and there are also a few services, like filippo.io/Heartbleed that let you test lesser-known websites yourself. However, this only checks for current vulnerability and doesn’t tell you if there was a problem in the past or if any account information was compromised.
Who has been affected by Heartbleed?
The Heartbleed bug affects small and large sites alike, including the Canadian Revenue Agency, which had to shut down its site after 900 customers had their social security insurance numbers stolen. Numerous other sites have been affected, including Yahoo, Google, Instagram, Netflix, Box, Dropbox, and Flickr, so it’s safe to say that everyone using the Internet should be concerned.
Was Firmex impacted by Heartbleed?
No. Only servers using OpenSSL technology were impacted by Heartbleed. This does not include Firmex.
It’s always a good idea to use a different password for every account you own, but you should also regularly change and update these passwords. Now would be a good time to start doing this. Unfortunately, there’s no way of knowing exactly which accounts, if any, have been compromised. The best solution is to change all your passwords.