Within the past few days, there has been a lot of coverage about a security compromise, called the Heartbleed Bug, that has lead to the leaking of a lot of data from many prominent websites and services. It comes from a programming flaw in in OpenSSL libraries that can compromise usernames and passwords for major websites. What is probably the worst part about this exploit is that you may never know if any of your data was compromised.
The good news is that major websites and service providers are working around the clock to ensure that the leak gets plugged to stop the flow. Some of these fixes may come to you in the form of software updates. To be safe, there are some websites that are known to have been affected, and you should head to those sites and change your password(s) right away.
Here’s a list of known sites that you NEED to change your password for:
– Google (including Gmail and YouTube)
– OK Cupid
– Yahoo! (including Yahoo! Mail, Tumblr, and Flickr)
Here’s a list that you don’t have to worry about. They didn’t use the compromised software:
– Bank of America
– Apple (including iTunes and iCloud)
– Microsoft (Outlook & Hotmail)
– Capital One Bank
There are a few others, and you should check with any company that has any information you would be concerned about. This is a deeply complex issue, and if you’d like to learn more about it you can visit the website of the security firm who found the bug in the first place.