The Heartbleed bug hit-list: how to best update all your passwords


As news broke this Monday of the Heartbleed bug, citizens of the Internet have been scrambling to discover just how many of their favourite sites and services may have been compromised. If you haven’t yet heard, the Heartbleed bug is a vulnerability in the OpenSSL cryptographic library which allows for the exposure of sensitive account information like passwords and credit card numbers. OpenSSL is used by the vast majority of websites on the Internet, which means that a large number of the apps currently sitting on your smartphone were compromised as well.

A quick rundown of the affected site list at Mashable is pretty damning: Facebook, Twitter, Google, and Dropbox to name a few. While it won’t do anything to protect against previously lost data, as the vulnerability has been around for nearly two years, your best bet is to change the password for any web service affected. However, as password manager service LastPass notes, changing your password before these sites update their SSL certificates won’t help.

To that end, they’ve created a handy tool for checking the status of each affected web site. Check it out here.