Skip to Main Content

About

News

News Releases | April 10, 2014

Responding to Heartbleed

While our servers were not subject to the Heartbleed OpenSSL vulnerability, many sites you come across on a daily basis might have been. CNET has gathered a list of the most popular sites on the web that lists their current status. If you have an account on one of these websites, please check to see if they have been patched. Once patched, it is recommended that you change your password.

Do:

  • Change passwords on sites that you have confirmed were vulnerable and patched.
  • Change passwords on uncompromised sites where you use the same password as on a compromised site. (For example, your passwords on Amazon and Facebook match. Facebook was compromised; Amazon was not. It is recommended that you change your password on Amazon.)

Don’t:

  • Change passwords on compromised sites that have not been fixed.
  • Change passwords on non-compromised sites where you use a unique password.
  • Change passwords that are shared across multiple sites where none of the sites have been compromised.

Since you will probably be updating a few passwords, it’s a good time to review some basic password security guidelines.

Do:

  • Make passwords hard to guess – no names of family members, addresses or common words.
  • Use strong passwords, at least 8 characters and preferably a combination of numbers, letters, and special characters. Try using phrases that mix letters and numbers.
  • Use a different password for each website.
  • Change your passwords regularly.

Don’t:

  • Leave passwords where others can find them.
  • Use passwords based on personal information such as: name, nickname, birthdate, etc.
  • Use the same password on many sites.