Earlier this week, the Internet was abuzz with the word "Heartbleed." However, this isn't another fad or a catchphrase that became popular to some celebrity on a reality show. Heartbleed is the code word for a bug in OpenSSL that was recently publicized. Why is this a big deal? Websites that use OpenSSL do so because they want to encrypt data sent to and from the visitor. This includes contact information, credit card numbers and passwords. Banks and online retailers are among the websites that may use OpenSSL.
However, websites that you might not suspect also use OpenSSL. A host of Yahoo properties, including Tumblr, Flickr and Yahoo Mail use OpenSSL. While the developers behind those projects have been quick to fix the bug and report that no sensitive information was released, not everyone is so sure. Most experts advise that you assume your passwords are in the wild and change them just in case.
In fact, some people recommend not using financial websites or making any websites for a few days while websites update OpenSSL to fix that bug. Then, head to those websites and change all of your passwords. While Amazon and Facebook have reported that their websites aren't vulnerable, smaller websites may be vulnerable, and the bug has existed for over two years, which means that hackers have had a long time to access your information, even if no hacker took advantage of the bug or used data in a malicious way.
Heartbleed is also a not-so-gentle reminder of how dangerous it is to use the same password across multiple Internet accounts. If you use your Yahoo address to sign in to other services and your password was compromised, for example, you'd be giving hackers access to a lot more information than just what's in your inbox.
