Widespread Heartbleed Bug Exposes Passwords

Heartbleed-Patch-NeededWe know to change our passwords regularly but who doesn’t ignore the menial task? It is much easier to have one password to remember. So we ignore this annoying suggestion until one day our email account is hijacked and our friends receive weight loss advertisement! Any online profile is vulnerable to attack.

Two weeks ago, a huge vulnerability known as Heartbleed was discovered affecting 66% of secure websites. The Heartbleed bug is a vulnerability in OpenSSL, the technology used to secure the internet’s web traffic. The bug allows someone to exploit a web server and gain access to (what was thought to be) secure and sensitive information. Exploiting this bug is undetectable, meaning any server that has had information stolen by this bug, won’t know it.

The security vulnerability has been patched on most widely-used web services, but this doesn’t mean you’re safe! Because the bug was unpatched for 2 years, there is a possibility malicious attackers could have gained access to your passwords (although no reports indicate this has happened yet).

It is very important you update your passwords for the following services:

Vulnerable OpenSSL Websites

  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • Tumblr
  • Gmail
  • Yahoo Mail
  • Netflix
  • YouTube
  • SoundCloud
  • Venmo
  • Amazon Web Services

A Heartbleed Checker can notify you if a website is prone to the Heartbleed Bug. You can find more technical info here: http://heartbleed.com/
There are many good habits to keep your online information secure against other kinds of attacks.

Protecting Your Information from Online Attacks

  • Don’t give information to random companies on the Web
  • Make sure there is a small green lock on the browser.
  • Keep passwords in secure locker of your phone or computer.
  • Do not repeat passwords.

We are currently taking precautions to make sure that customer information is protected by the top security systems, including LastPass which uses a secure password generator, multifactor authentication, breach alerts, thwarts phishing attacks and more. Over 5,000 businesses trust LastPass. We do not duplicate passwords and change passwords regularly to ensure security. Our techniques prevent attackers from accessing client accounts, social media profiles, credit card information and more. We suggest that you recreate passwords for all private accounts.