Users of many websites are being cautioned to change their passwords due to the recently-discovered Heartbleed bug which has left personal information stored on the websites vulnerable. According to an April 9 article on Mashable, some social media and email sites were potentially vulnerable before a patch was administered, and users are being cautioned to change their passwords to be safe. Facebook, Gmail, Yahoo, and YouTube are among those sites mentioned.
The details of the security risk are still somewhat unknown but the illegal access could have been ongoing for as much as two years. The Heartbleed bug was first discovered by a security expert with Google, Neel Mehta, and some tech people at Codenomicon. An April 10 article on PostChronicle.com explains that the sites affected by this security breach used OpenSSL which is simply HTTPS encryption. They provide a detailed site-by-site look at various websites and their vulnerability.
Besides email addresses and passwords, credit card information has likely been breached on many sites. The actual scope of the data that may have become available to hackers has not yet been determined or released. While patches have been applied, and Yahoo indicates they will be doing even more patches, the facts are still out on what damage has already been done.
It is interesting to note that Microsoft had no vulnerability at all for the Heartbleed bug because they do not utilize OpenSSL. Although most of the major websites are listed as having the potential for some risk, Amazon, LinkedIn and PayPal were also among those who did not even have enough risk to indicate the necessity of a password change just to be safe.
You can use a test site that allows you to copy and paste URLs to check their vulnerability to the Heartbleed bug here. It is important to remember that all the information about this problem is still very fluid. Stay informed about future developments, and maintain a watchful eye over all your personal data.