The Heartbleed Hit List: The Passwords You Need to Change Right Now

Don · Apr 11, 2014

I've culled this list from the article but here's the link to it:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_cid=mash-com-fb-main-link

Do you need to change your password?

Social media:
Facebook - yes
Tumblr - yes

Other companies:
Google - yes
Yahoo - yes

Email:
Gmail - yes
Yahoo mail - yes

Stores and Commerce
Amazon Web Services (for website operators) - yes
eBay - unclear (??? Do it anyway!)

Government and Taxes
Intuit (Turbo-Tax) - yes

Other:
Drop box - yes
LastPass - yes
Netflix - unclear (??? Do it anyway!)

DACarryman · Apr 11, 2014

have these sites been 'fixed' so changing the password will keep it protected?

Cowboysfan · Apr 11, 2014

DACarryman said:
have these sites been 'fixed' so changing the password will keep it protected?

Good question

Sent from my iPhone using Tapatalk

DACarryman · Apr 11, 2014

Yahoo has posted that they have fixed their SSL across all of their platforms.
https://help.yahoo.com/kb/SLN24021.html?impressions=true

shrek · Apr 11, 2014

DACarryman said:
have these sites been 'fixed' so changing the password will keep it protected?

If they haven't then changing your password is pointless.

Garyshome · Apr 11, 2014

I don'i put much stuff out there, never have, never will.

NCm4 · Apr 11, 2014

shrek said:
If they haven't then changing your password is pointless.

+1

As a security person myself, I would also keep in mind that while these organizations are working to upgrade the affected version of OpenSSL, you may see an increase in phishing emails requesting password changes. Some groups will not have the resources to exploit the Heartbleed bug, but this is where the mind goes next.

Lastpass has a Heartbleed site checker that works ok...

https://lastpass.com/heartbleed/

The Heartbleed Hit List: The Passwords You Need to Change Right Now

Top Contributors this Month

Recommended Communities