• YOUR IP:54.145.122.109
  • YOUR ISP:Amazon
  • STATUS: Not connected

Heartbleed – What passwords to change

Graphic updated on 16/04 @ 17:37 CEST – (Netflix changes)

The Heartbleed bug – a major security flaw in OpenSSL – has seriously disrupted the online community this week. OpenSSL is one of the most popular pieces of encryption software, and the bug has potentially exposed millions of user details to hackers.

Some online service providers acted quickly, patching the flaw as soon as it was announced. However, many others have yet to act.

If a service provider is yet to apply the patch, you should not change your password. Instead, wait until you receive confirmation from an official channel that the servers have been patched. Only then should you log in and update your details.

Conflicting reports have led to panic – nobody seems to know which sites have been affected, or whether their servers have been patched.

To dispel the confusion, we’ve created a simple password change checklist. It identifies the major sites which have been affected by Heartbleed – and whether they’ve patched their servers yet.

Link to the full graphic

Graphic showing what passwords to change as a result of Heartbleed

Most popular articles on the IVPN blog

10 Responses to Heartbleed – What passwords to change

  1. James Bryce says:

    Very helpful list, it’s nice to have a clear breakdown with all the news stories out at the moment. Thanks guys!

  2. Pingback: Infographic: The Heartbleed checklist - Gdgt Arena

  3. Barry Rueger says:

    If a service provider is yet to apply the patch, you should not change your password. Instead, wait until you receive confirmation from an official channel that the servers have been patched.

    I probably have log in IDs at at least 50 to 75 web sites here and there. To date not one of them has e-mailed me to say “Hey we fixed it, now change your password.”

    This advice is pretty much useless unless system admins are pro-active in letting users know when systems have been patched.

  4. David says:

    I seriously question the advice that passwords not be changed until the site has announced that it has applied the fix. This simply leaves the user vulnerable if in fact their password is compromised.

    I think better advice is to identify those sites where compromise would have a serious impact … e.g., a bank or investment account … and change those passwords frequently … e.g., daily … until AFTER the fix is applied … be sure to make one last change AFTER the fix.

    Of particular concern would be any email providers for accounts which could be used to recover password access to other accounts.

  5. Pingback: How VPN Services Responded to Heartbleed | TorrentFreak

  6. Pingback: How VPN Services Responded to Heartbleed - TorrentScene | TorrentScene

  7. Pingback: How VPN Services Responded to Heartbleed |

  8. Pingback: The Heartbleed Checklist: The Passwords You Should Change (INFOGRAPHIC & VIDEO)

  9. Pingback: What Passwords to Change: The Heartbleed Checklist for Social Media Users | Dev Inform

Leave A Comment