An online security flaw called "Heartbleed" has made many of the most popular websites vulnerable to data breaches and left consumers uneasy.
What exactly is Heartbleed, and what can you do to protect yourself?
Heartbleed Cracks the SSL Lock
The Heartbleed flaw is a vulnerability in the open-source OpenSSL encryption technology used by many of your favorite websites. SSL is a popular Internet security protocol that allows Web surfers to make a secure connection with sites in order to send sensitive data.
Sites that use SSL to create secure connections are indicated by an "s" after the "http" in the address, as well as a small "padlock" icon in the address bar. But according to CNN, the Heartbleed flaw allows cybercriminals to crack this "lock," giving them access to personal data and possibly letting them impersonate a secure site.
One of the largest sites affected by the Heartbleed flaw was Yahoo, and Yahoo Mail usernames and passwords were vulnerable to theft as a result, reports CNET. Yahoo has since reported that it has corrected the problem across its various sites (including Tumblr and Flickr), but vulnerabilities may still remain.
Tech consultant Filippo Valsorda has created a "Heartbleed test" to determine whether your favorite sites are vulnerable to this security flaw. The test initially revealed issues with sites like OkCupid and Imgur.
Protecting Your Data
You may receive a notice from a compromised site explaining the details of its security changes and how you should proceed. Steve Lohr of The New York Times notes that simply changing passwords will not help if the Heartbleed flaw has not been addressed.
Users should wait until they receive confirmation that their favorite sites have been fixed, and should avoid logging on to those sites until then. If you are worried about smaller businesses that may have your sensitive data, like small vendors or banks, contact them and request an update about the Heartbleed flaw.
While you wait for these sites to get their security ducks in a row, this would be a good time to review your own password practices to make sure you aren't leaving yourself vulnerable.