Now that the first victims of the Heartbleed web vulnerability have begun to appear, it’s important to remember that just telling millions of people to change their passwords isn’t going to fix this problem.
In fact, that advice may end up leading to even more problems — soon.
We are still just in the beginning of this “catastrophic” mess that’s the result of a two-year old Heartbleed bug in OpenSSL that was patched in early April. Most of the critical web services have been patched but as many as 500,000 sites are still vulnerable, according to analysts.
You know by now that you should change your passwords as a site has fixed the vulnerability. You can check here to see if a site is still vulnerable.
We also hope you know to always unique passwords for each of your most important accounts.
But even if you take all the right steps, your data still may have gotten into the wrong hands — and criminals may be using leaked email addresses and phone numbers to try to contact you and trick you into disclosing even more private information.
“Changing your passwords won’t protect you if you give them unwittingly to a hacker pretending to be your Web mail provider,” The Washington Post‘s Brian Fung notes.
Expect that phishing emails, vishing phone calls and smishing text messages will soon be imploring you to take steps to update your information.
Do not click on any “Click here” links in emails or texts. Go to the site directly or — even better — use a password manager like F-Secure KEY that automatically generates strong, unique passwords.
If someone claiming to be from a site or service your use calls you about Heartbleed and asks for private information, hang up and contact the customer service line directly.
Heartbleed is NOT a virus but the consequences to this kind of unprecedented vulnerability are impossible to predict.
Your data may be out there so be on your guard against people who may try to use it against you.
On a recent trip to the Finnish Archipelago, F-Secure security advisor Sean Sullivan scanned the…
July 13, 2017