This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
Dublin: 7 °C Wednesday 8 April, 2020

Heartbleed causes massive online scare - but don't change your passwords just yet

Google sites such as GMail and YouTube are clear, the company says.

Image: Heartbleed

A NEW SECURITY bug has sparked online panic, with experts saying that users of a large number of sites should change their passwords – but not right away.

Heartbleed is a security flaw in OpenSSL technology, an implementation of a protocol that is used to protect data across the web.

Around two-thirds of the web uses OpenSSL and the Heartbleed bug has been present for around two years.

The bug can, in theory, allow anyone access the information of people who used affected sites and there is not much that can be done by users just yet. It is up to individual websites to upgrade to a version of OpenSSL that is unaffected.

It’s unclear whether any information has been stolen as a result of Heartbleed, but security experts are particularly worried about the bug because it went undetected for more than two years.

Google sites such as GMail and YouTube are clear, the company says, but a large amount of other websites are still affected.

Yahoo, which has more than 800 million users around the world, said Tuesday that most of its popular services — including sports, finance and Tumblr — had been fixed, but work was still being done on other products that it didn’t identify.


A GitHub list compiled by a user outlines around 10,000 sites and whether they are or are not affected.

It is recommended that users of sites that have passwords search the list for their bank, email and important account providers. Ultimately, you’ll need to change your passwords, but that won’t do any good until the sites you use adopt the fix. It’s also up to the internet services affected by the bug to let users know of the potential risks and encourage them to change their passwords.

Read: ‘Heartbleed’ security bug leaves encrypted web servers at risk

  • Share on Facebook
  • Email this article

Read next: