Heartbleed vulnerability: Change your passwords

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.
Data pix.
Change theses passwords right now

NEW YORK (CNNMoney) -- Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen.

As sites fix the bug on their end, it's time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private -- email, banking, shopping, and passwords.

Don't change all your passwords yet, though. If a company hasn't yet updated its site, you still can't connect safely. A new password would be compromised too.

Many companies are not informing their customers of the danger -- or asking them to update their log-in credentials. So, here's a handy password list. It'll be updated as companies respond to CNN's questions.

Change these passwords now (they were patched)

Google+, YouTube and Gmail Facebook Yahoo, Yahoo Mail, Tumblr, Flickr OKCupid

Don't worry about these (they don't use the affected software, or ran a different version)

AOL and Mapquest Bank of America Charles Schwab Chase bank Fidelity E*Trade HSBC bank Microsoft, Hotmail and Outlook PayPal Scottrade TD Ameritrade Wells Fargo bank U.S. Bank

Don't change these passwords yet (still unclear, no response)

Amazon American Express Apple, iCloud and iTunes Capital One bank Citibank LinkedIn PNC bank Twitter (the company said Twitter's servers weren't affected but also noted that Twitter used the affected software in some capacity.) Wikipedia

By Jose Pagliery

™ & © 2014 Cable News Network, Inc., a Time Warner Company. All rights reserved.


(KTVI) – You may want to change your passwords for a number of websites like Google, Facebook and Yahoo.

Scott Schaffer, of Blade Technologies, explains it’s because of a very serious bug with a scary name: “Heartbleed.”

This is not a virus. It’s bad code.

The bug affects OpenSSL, a popular cryptographic library that is used to secure a huge chunk of the Internet's traffic.

Because you don’t know if each site has fixed the code, it’s best to change your passwords, and start getting in the habit of changing them regularly.

Scott advises, a good password should be 20 characters long, contain no actual words, should have some capital letters and numbers, and special characters.

How can you check to see if your password was stolen or if the sites you regularly visit are safe?

Good Overview: http://heartbleed.com/

Homeland Security/CERT Coordination Center: http://www.kb.cert.org/vuls/id/720951

Online Tester: http://filippo.io/Heartbleed/

Technical Information for Testers: https://blog.ipredator.se/2014/04/how-to-test-if-your-openssl-heartbleeds.html

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.