Heartbleed: Two steps to protect your information

The Heartbleed OpenSSL bug poses a huge threat to your user accounts. Learn what you can do to protect yourself.

Heartbleed is a security flaw that's plaguing as much as two-thirds of the Internet, including many popular sites like Yahoo and GitHub. On sites affected by Heartbleed, user accounts are vulnerable -- your username, password, credit card number, and other private information may be exposed. Companies are scrambling to patch their sites.


But don't sit around waiting for a fix. Take these two defensive steps (and one more if you have an Android device):

1. Check whether your most-visited sites are vulnerable

CNET has already checked the top 100 sites to see if they have Heartbleed patches, so visit that page first. For sites not on the list, use the following tools:

Filippo Valsorda's Heartbleed test

LastPass Heartbleed checker

2. Change your passwords when the sites are safe

If you've confirmed that a site has been hit by Heartbleed, don't rush to update your password. Wait for an announcement that the site has been patched. Then we recommend changing your password.

As always, it's a good idea to have a different password for every account. To keep track of all those logins, try a password manager. LastPass's mobile apps include Heartbleed scans, but you must have a paid Premium account to use them.


KeePass Password Safe


1Password for Mac
Dashlane for Mac
LastPass for Safari


Dashlane for iOS
LastPass for iOS


KeePass2Android Password Safe
LastPass for Android

Check your Android devices

Android phones and tablets may also be affected by Heartbleed if they're running an older version of the Android OS, 4.1.1. Lookout just released a free app that scans your phone or tablet and reports on whether it's vulnerable. The scan is just a diagnostic, not a fix, but at least you'll know if your mobile devices are at risk.

Heartbleed Detector for Android

About Eddie Cho