You’ve probably heard by now that a widespread OpenSSL bug called Heartbleed has left the user passwords and information of about half a million websites vulnerable to hackers for the past two years.
First, the good news: Isagenix websites don’t use OpenSSL, so your Isagenix data is safe.
Now for the potentially bad news: Many other sites you log in to daily are affected by this bug. I don’t want to send you into a panic, but I want you to take this seriously. Everything from your social media sites to your favorite online shopping and banking sites could be compromised.
Now, I’m going to get a bit technical as I briefly explain the problem. Stay with me even if you don’t understand it all, because I’m also going to provide tips for staying safe online as websites scramble to protect against this bug.
So, what’s OpenSSL?
It’s security software that many companies use to protect data submitted online, like user passwords and credit card information. Normally, when you log in to a website or make online purchases, a Secure Sockets Layer (SSL) certificate encrypts your data so that only a Web server with the proper decryption information (know as a “private key” or “secret key”) can access it.
What’s the problem?
According to Heartbleed.com:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
What are affected companies doing to fix this problem?
To protect against this bug, affected companies must update their websites to use a new, bug-free version of OpenSSL. Many have already done so, and others are still working on it. (Click here to see which sites were affected as of yesterday, and click here to check if a specific site is affected.)
How can I protect myself online?
OK, this is where you come in. Here are my recommendations for staying safe this week and in the future:
- Log out of any sites you’re currently logged in to and avoid logging in to sites that haven’t updated their software yet. (Again, you can click here to see if a site is still vulnerable to the Heartbleed bug. Also, this Mashable article provides a nice overview of which major sites were affected.)
- Once you’ve verified that the sites you use are safe, change all of your passwords. Don’t use the same password for every site, and make sure you’re creating strong passwords. Check out the Password Basics article that I wrote for GoDaddy.com last year for tips on creating strong passwords.
- Avoid using public or unsecured Wi-Fi networks.
- Keep an eye on your bank statements, and see if your bank offers fraud alerts or credit protection services.
- Always remember to think before you click! For more ways to protect yourself online, see my Online Security Basics article.
It’s easy to develop a false sense of security on the Internet, but cyber crimes are real. With some common sense and caution, you can stay safe online and avoid compromising your personal information.