GRAND RAPIDS, Mich. (WOOD) — A serious security flaw that makes your personal information vulnerable to theft has been detected and now users are encouraged to change their passwords.
The Heartbleed bug was discovered in early April, but has reportedly been around for two years.
“If your data was mined during that two-year period and you haven’t changed your password or credit card information or things of that nature, all that stuff is potentially still at risk,” said Syrewicze.
24 Hour News 8 spoke to Andy Syrewicze from Trivalent Group in Grandville to learn more about how the bug works and affects users.
“It actually encrypts the data as it passes between you and whatever service you’re talking with. It’s a vulnerability in the SSL protocol, which is the ‘S’ in the ‘HTTPS,’ said Syrewicze.
That means the OpenSSL software that hundreds of thousands of websites use to store your personal information is vulnerable for theft.
“The really malicious thing about this is the transaction can occur without you knowing. It’s like someone tapping your phone. You think you’re having a private conversation, the person you’re talking to thinks you’re having a private conversation, but someone’s tapping it and you don’t know,” Syrewicze told 24 Hour News 8.
There were a number of sites that were potentially affected by the Heartbleed bug. Many of those sites, like Facebook, Instagram, Google, Yahoo, Netflix and YouTube already patched up the problem, and have posted some kind of statement regarding the issue.
However, users still need to change their passwords for the fix to work.
“The key thing is you wanna make sure that you don’t change the password until you know the site has fixed the vulnerability because if you change it before, your new password is now at risk because they haven’t applied the fix,” he said.
The only way to protect yourself from the bug is a password change, something that Syrewicze recommends doing every three months.
“It’s the same advice that we’ve been preaching for months and months and years and years, change your passwords often. Don’t use the same passwords amongst different sites and just be aware,” he said.
- A list of all of the websites affected by the bug
- A website that will check out if your favorite websites are properly prepared for Heartbleed: https://filippo.io/Heartbleed/
Andy Syrewicze explains what the Heartbleed bug does to your system