Closings: Schools, churches, day-cares and businesses

Heartbleed vulnerability: Change your passwords

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.
Change theses passwords right now

NEW YORK (CNNMoney) -- Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen.

As sites fix the bug on their end, it's time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private -- email, banking, shopping, and passwords.

Don't change all your passwords yet, though. If a company hasn't yet updated its site, you still can't connect safely. A new password would be compromised too.

Many companies are not informing their customers of the danger -- or asking them to update their log-in credentials. So, here's a handy password list. It'll be updated as companies respond to CNN's questions.

Change these passwords now (they were patched)

Google+, YouTube and Gmail Facebook Yahoo, Yahoo Mail, Tumblr, Flickr OKCupid

Don't worry about these (they don't use the affected software, or ran a different version)

AOL and Mapquest Bank of America Charles Schwab Chase bank Fidelity E*Trade HSBC bank Microsoft, Hotmail and Outlook PayPal Scottrade TD Ameritrade Wells Fargo bank U.S. Bank

Don't change these passwords yet (still unclear, no response)

Amazon American Express Apple, iCloud and iTunes Capital One bank Citibank LinkedIn PNC bank Twitter (the company said Twitter's servers weren't affected but also noted that Twitter used the affected software in some capacity.) Wikipedia

By Jose Pagliery

™ & © 2014 Cable News Network, Inc., a Time Warner Company. All rights reserved.


(KTVI) – You may want to change your passwords for a number of websites like Google, Facebook and Yahoo.

Scott Schaffer, of Blade Technologies, explains it’s because of a very serious bug with a scary name: “Heartbleed.”

This is not a virus. It’s bad code.

The bug affects OpenSSL, a popular cryptographic library that is used to secure a huge chunk of the Internet's traffic.

Because you don’t know if each site has fixed the code, it’s best to change your passwords, and start getting in the habit of changing them regularly.

Scott advises, a good password should be 20 characters long, contain no actual words, should have some capital letters and numbers, and special characters.

How can you check to see if your password was stolen or if the sites you regularly visit are safe?

Good Overview:

Homeland Security/CERT Coordination Center:

Online Tester:

Technical Information for Testers:


  • Bob

    The experts say to change your passwords. They also say to wait until you know the problem has been fixed on each website, but I’m sure nobody is going to tell us that.

  • Simba

    And how do we know this isn’t a scam to get you to change your password – so some hacker can get it when you change it?

    • Just

      Sure, dont listen to the advice and leave your passwords unchanged. You probably already have malware on your computer anyhow so grabbing all of your information anyhow.
      Just dont go blaming anyone else but yourself for your identity losses.

      End users… sheese.

Comments are closed.