By now you’ve probably already panicked over Heartbleed and spent the next three hours changing all of your passwords. You’re probably super annoyed because now that you’ve changed everything, you can’t remember all 326 new passwords.
But now that the chaos has died down and sites have started to patch the problem, what can you do?
The simple answer is: not a whole lot. (Unless you haven’t changed your passwords, in which case stop what you’re doing and figure out which ones to change.)
The security flaw has been active for about two years and it’s difficult to say what information of yours has been compromised even though we know many of the websites that were affected.
(For a full rundown of the Heartbleed disclosure timeline, click here)
However, you can surf safely by determining which websites are safe and which aren’t. A lot of people are passing around the LastPass website checker, but according to Marc Rogers, the principal security researcher at Lookout Security: “All it does is look at the age of your SSL Cert – if it’s new they claim the site is safe, if it’s older than a few days they say it is vulnerable. The age of a CERT has absolutely NOTHING to do with whether or not a site is vulnerable.” He, like many other security experts, recommends using the Qualys site to check the safety of a site.
While the damage has been done, it’s difficult to say to what extent, leaving users in the “wait and see” stage of a data breach. You can change your passwords and monitor your accounts for suspicious activity, but unfortunately, there’s no magic wand to wave to patch up everything.
Data breaches can be scary and are often hard to predict. The best thing people can do is play a good offense, keep their data as safe as they can, and, as always, stay security aware. To find out how you and your company should handle data breaches and more, subscribe to our monthly newsletter!