By Alyssa Bereznak from Yahoo Tech
This week the web was rocked by a security bug called Heartbleed. In short, it’s a flaw in a commonly used security system that potentially two-thirds of websites use to keep your information like your passwords secure.
As I mentioned yesterday, all you can really do about the flaw is change your passwords. And it’s best to wait to do that until a website has fixed everything. Otherwise you could very well be handing over your new password to an undetected attacker.
By now, most sites that were vulnerable to the flaw have patched it.
Some good news first: Your login information for your bank is most likely safe. The following financial institutions have not been affected by Heartbleed: Bank of America, Chase, E*Trade, Fidelity, PNC, Schwab, Scotttrade, TD Ameritrade, TD Bank, U.S. Bank, and Wells Fargo
And now it’s time for everyone’s faaaaavorite game: What password do I need to change?
First up:
EMAIL PROVIDERS
Here are the ones that were vulnerable:
—Yahoo Mail
Was affected! But patched. You should change your password.
—Gmail
Was affected! But patched. A Google representative told Mashable you need not change your password. But you should probably do it just in case.
And the ones that were not:
—AOL:
Was not affected. You do not need to change your password.
—Hotmail / Outlook
Was not affected. You do not need to change your password.
Hey, that was a fun round, now let’s move on to …
ONLINE STORES
Here are the ones that were vulnerable:
—Amazon Web Services (for website operators)
Was affected. If you use Elastic Load Balancing, Amazon EC2, Amazon Linux AMI, Red Hat Enterprise Linux, Ubuntu, AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront, you should change your password.
—eBay
Was probably not affected. But you should change your password just in case.
—GoDaddy
Was affected! But patched. You should change your password.
And the ones that were not:
—Amazon
Was not affected. You do not need to change your password.
—PayPal
Was not affected. You do not need to change your password.
—Target
Was not affected. You do not need to change your password.
TAX-RELATED
Here are the ones that were vulnerable:
—Intuit (TurboTax)
Was affected! But patched. You should change your password.
—Healthcare.gov
Healthcare.gov has not yet responded to our request for comment.
And the ones that were not:
—1040.com
Was not affected. You do not need to change your password.
—FileYour Taxes.com
Was not affected. You do not need to change your password.
—H&R Block
Was not affected. You do not need to change your password.
—IRS
Was not affected. You do not need to change your password.
SOCIAL NETWORKS
Here are the ones that were vulnerable:
—Tumblr
Was affected! But patched. You should change your password.
Unclear. They’re “monitoring the situation. So maybe wait a few more days and then change your password.
Unclear! They’ve “added protections,” so it’d be best to change your password.
And the ones that were not:
Was not affected. You do not need to change your password.
OTHER IMPORTANT WEBSITES
Here’s the ones that were vulnerable:
Was affected! But patched. Google says you don’t need to, but just to be safe, you should probably change your password for the following Google services: Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine. Google Chrome and Chrome OS were not affected.
—Yahoo
Was affected! But patched. You should change your password.
—Dropbox
Was affected! But patched. You should change your password.
—OKCupid
Was affected! But patched. You should change your password.
—SoundCloud
Was affected! But patched. You should change your password.
—Wunderlist
Was affected! But patched. You should change your password.
—IFTTT
Was affected! But patched. You should change your password.
—Netflix
Unclear. So maybe wait a few more days and change your password.
—Apple
Unclear. Apple is staying mum o this one. So maybe wait a few more days and then change your password.
And the ones that were not:
—Amazon
Was not affected. You do not need to change your password
—Microsoft
Was not affected. You do not need to change your password.
—Evernote
Was not affected. You do not need to change your password.
And that concludes this week’s episode of Secure or Not? We’ll see you back here next time someone breaks the Internet. A special hat tip toMashable, from whom we sourced some of this info.
In the meantime, check out my colleague Rafe Needleman’s column on how to create super strong passwords.
Follow Alyssa Bereznak on Twitter or email her here.
