We recently received a high-priority message from Jessica DeVita, the Uber Geek Girl, regarding the recent breach of HTTPS security. The so-called “Heartbleed bug” attacks the OpenSSL technology, taking users’ personal login information for many sites.
In fact, Tumblr yesterday issued this statement about the breach: “We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue. But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.”
UberGeekGirl.com has a couple of tools available for you to test your vulnerability, as well as a list of affected sites at their blog here: http://www.theubergeekgirl.com/2014/04/09/checking-for-heartbleed-vulnerability/
Though the OpenSSL version affected by this bug has been fixed, the issue was only recently discovered, meaning anyone’s information may have been stolen.
What’s the safest route in the wake of this bug? Many sites, including UberGeekGirl suggest changing ALL of your passwords to important websites, including banking and e-mail.