Don’t panic. But don’t tune out and let the apathy virus shut you down either. You can protect yourself from harm with a couple of simple steps.
Heartbleed is a software bug that allowed criminals to exploit encrypted data and even “secure” financial sites. This huge breach makes it possible for scammers to have a field day with your personal info. You’ll hear lots of advice to change all your usernames and passwords using combinations of complex hieroglyphics, but that is a bit extreme and perhaps unnecessary.
So what should you do? First, check your email. Most reputable sites have been pro-active about emailing their customers to advise them of the hit, and let them know it’s now time to change your password. (If you change your password before the site has repaired the bug, you may have to go back change it once again.) However, as a precaution against scammers who are sending fake emails to take advantage of unsuspecting users–please log in directly on the website itself to change your password. Don’t rely on links within emails.
If you didn’t receive an email from the website, the reputable technology blog Mashable has put together The Heartbleed Hit List: The Passwords You Need to Change Right Now. If a site you use appears on this list, go to the website and change your password immediately. If a site is listed as ‘unaffected,’ you don’t need to do anything right now. You can also check C-net’s list of affected/repaired websites.
Concerned about other sites you use regularly? you can type a website address into this tool to check whether it’s safe to go back in and change your password: https://www.ssllabs.com/ssltest/index.html
This is a good time to change your password on all your financial sites, as well as your email accounts. But this should be done as a matter of course 2-3 times a year, even under normal circumstances.
And here’s a special word to business owners: Buy a dedicated computer for business transactions , and never use this computer to surf, shop or email. Use this computer only for banking, because under the law, a business has no protection without “due care.” And using a general use computer for banking could disqualify you.