Unfortunately, as a user there is no way to really know for sure if you’re affected unless your favorite websites explicitly tell you they were affected. Here at Best Buy and Geek Squad, our web sites dealing with your personal data and accounts were not affected by HeartBleed, so your user accounts are safe. However, when it comes to security online, we always recommend being proactive and protecting yourself first and foremost, so here are a few action items that you should take today to protect your data.
Immediately change all your passwords
This is the first step no matter what the security risk. Anytime you feel your data has been compromised, your first step should always be to change all your passwords. This includes your emails, banking, social media — literately any website that has a password that you use frequently needs to be changed. Because the HeartBleed bug may have exposed your login credentials, we recommend immediately changing all of them to ensure no one else has access to any of your accounts. This article on mashable.com identifies some popular accounts and whether or not they were impacted. Choosing strong passwords and changing regularly is still the best practice and this should prompt you to be safe and change all of your passwords even if only as a precaution.
Monitor your identity and personal accounts closely
As with any potential theft of personal data, you should closely monitor all your accounts moving forward. Watch activity on your all your accounts from credit reports, bank and credit statements as well as any other personal accounts like emails for any suspicious activity. Since the HeartBleed bug may have allowed people to see the data you were submitting on secured forms, potentially, they could have gained enough information to steal your identity. Closely monitoring your accounts will help you take quick action in the event your personal details were compromised.
Be vigilant for phishing attempts
Phishing attempts have been a favorite of con artists for a while now and they are constantly looking for ways to make their attempt seem more legitimate. If they were able to use the HeartBleed bug to gain some personal information, like a bank account number or password, they may use it in an attempt to gain more information from you. Never respond to unsolicited emails asking for your personal information and always ensure you only update information on the legitimate websites. Banks and credit card companies will never ask for information via email, only on secured forms.
If you’d like more information on the “HeartBleed” or “HeartBeat” OpenSSL bug, you can read all about it at techcrunch.com.
You can find out more about OpenSSL and their see their April 7th “Security Advisory: Heartbeat overflow issue.” announcement at OpenSSL.org.