Heartbleed is a significant security bug which affects around 17 percent of the web servers online. It is a bug in the OpenSSL library, which is used by 66% of web servers, those running Apache or nginx software. What makes it a major security bug is that it allows a hacker to steal session cookies and passwords, as well as the server’s private keys, even on websites which enforce an encrypted connection (with “HTTPS://” in the address).
Web servers are not the only systems that may be vulnerable to the security hole: computers and mobile devices, including phones and tablets, may be vulnerable too if they have the OpenSSL library installed.
What does it mean to an average computer user?
The Heartbleed bug affects most computer users around the world, both directly and indirectly. If you browse websites such as Facebook, Google or Yahoo and have an account there, your login data may be at risk. Major companies are taking immediate measures to fix the problem by updating to a patched OpenSSL library on their servers. OpenSSL 1.0.1g, released on April 7th, 2014, is no longer vulnerable.
What should I do now?
The best option now is to change the passwords of all your online accounts. While this might be a tedious task, you can use the LastPass Heartbleed checker to see whether a website you have an account on is (or was) vulnerable to the Heartbleed bug. If you have an Android device, you can install the Heartbleed Detector app, which will tell you whether your device has a vulnerable OpenSSL library. Please note that this will not fix the issue on your device – it has to be done either by Google or by your device manufacturer.
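On a desktop or server, the same kind of check can be made from the OpenSSL version banner. The script below is an added example, not part of the original article or of any tool named in it; it assumes the upstream affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1), and the banners in the usage section are constructed samples. A "vulnerable" result means the upstream version is affected: some Linux distributions ship a patched build under an older version string, so confirm against your vendor's advisory.

```python
import re
import subprocess

# Upstream releases affected by Heartbleed: 1.0.1 through 1.0.1f and
# 1.0.2-beta1. 1.0.1g (named in the article) contains the fix. The 1.0.0
# and 0.9.8 branches never included the heartbeat code.
_BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(beta\d+))?")


def classify(banner):
    """Return 'vulnerable', 'not vulnerable' or 'unknown' for a version banner."""
    m = _BANNER_RE.search(banner)
    if not m:
        return "unknown"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release == (1, 0, 1):
        # "" is the plain 1.0.1 release; patch letters a..f followed it.
        return "vulnerable" if letter < "g" else "not vulnerable"
    if release == (1, 0, 2) and beta == "beta1":
        return "vulnerable"
    return "not vulnerable"


def local_banner():
    """Banner of the openssl binary on PATH, or '' if it cannot be run."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True,
                             text=True, timeout=5, check=True)
    except (OSError, subprocess.SubprocessError):
        return ""
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed sample banners, followed by the local installation.
    samples = ["OpenSSL 1.0.1e 11 Feb 2013", "OpenSSL 1.0.1g 7 Apr 2014",
               "OpenSSL 0.9.8y 5 Feb 2013", local_banner()]
    for banner in samples:
        print("%-32s %s" % (banner or "(openssl not found)", classify(banner)))
```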
To keep your online accounts secure, you should enable two-factor authentication for online services wherever possible. Read our guide about two-factor authentication. To ease the pain of having passwords that you cannot remember, read how LastPass can help you protect your passwords and fill in login forms online.