By now, I hope you have heard of Heartbleed, that notorious bug that has been infiltrating “secure” sites for the last two years and quietly stealing information without a trace. It’s ugly, but it also is a good reminder that there will always be some hacker out there trying to get past everyone’s guard. Neil Rubenking at SecurityWatch says the fallout of Heartbleed is the need for everyone to change every one of their passwords.
“Your secure sites fall in to three categories, those that are still vulnerable, those that were vulnerable in the past, and those that were never vulnerable. It’s absolutely essential to change your password on those that were vulnerable in the past. It couldn’t hurt to change those that seem like they were never vulnerable, especially because you can’t be sure. As for those that remain vulnerable, you’re going to have to change those again, but by making a clean sweep now and ensuring you have no duplicate passwords, you’ll make that second round of password updates easier.”
I recommend you read the article and do what this security expert suggests, go back to all sites you have joined and change your passwords or close your account there. I did this myself last night. Most security experts change their own passwords regularly anyhow, and if the security guy does it, the rest of us should think about doing it. Better safe than sorry.
If you’ve been searching for a job or have done so online in the past (think: job boards, online career centers, professional development sites, etc.), there may be some sites you joined in hopes of a job lead. It’s a good idea to have a unique password for each site anyway, but depending on how much information you gave on the site, that might be a place to critically examine for security risk. We need to be careful of online resume submissions because identity theft is growing, partly due to sophisticated bugs like Heartbleed that siphon off encrypted data like login credentials and security keys.