How to make sure you are not a HEARTBLEED victim?


Are you scared of the Heartbleed bug yet? It is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. 

A number of media outlets, including the Vancouver Sun, have provided the following advice on how to protect yourself from the Heartbleed security bug:

1. Change your password, but first make sure any affected website you have visited has fixed the security breach (see the table below). Otherwise, hackers could just pick up your new password and login credentials. 

2. Don’t use the same password and user name for signing into multiple websites. 

3. Passwords eight characters or less are easily cracked so if a site allows, make your password longer and include a mix of letters, symbols and numbers. 

4. Monitor your accounts regularly, especially bank or credit card accounts. 

5. When you are on a public Wi-Fi site, such as a coffee shop, don’t go on any websites that require you to log in with your user name and password.

Table: Passwords that should be changed

SOCIAL NETWORKING SITES

| Service | Was it affected? | Is there a patch? | Need to change password? | What did they say? |
|---|---|---|---|---|
| Facebook | Unclear | Yes | Yes | "We haven’t detected any signs of suspicious account activity, but we encourage people to ... set up a unique password." |
| Instagram | Yes | Yes | Yes | "Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed. But because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites." |
| LinkedIn | No | No | No | "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties." |
| Pinterest | Yes | Yes | Yes | "We fixed the issue on Pinterest.com, and didn’t find any evidence of mischief. To be extra careful, we e-mailed Pinners who may have been impacted, and encouraged them to change their passwords." |
| Tumblr | Yes | Yes | Yes | "We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue." |
| Twitter | No | Yes | Unclear | "We were able to determine that [our] servers were not affected by this vulnerability. We are continuing to monitor the situation." |

OTHER COMPANIES

| Service | Was it affected? | Is there a patch? | Need to change password? | What did they say? |
|---|---|---|---|---|
| Apple | No | No | No | "iOS and OS X never incorporated the vulnerable software and key web-based services were not affected." |
| Amazon | No | No | No | "Amazon.com is not affected." |
| Google | Yes | Yes | Yes | “We have assessed the SSL vulnerability and applied patches to key Google services.” Search, Gmail, YouTube, Play, Apps were affected; Chrome and Chrome OS were not. |
| Microsoft | No | No | No | Microsoft services were not running OpenSSL, according to LastPass. |
| Yahoo | Yes | Yes | Yes | "As soon as we became aware of the issue, we began working to fix it... and we are working to implement the fix across the rest of our sites right now." |

STORES AND COMMERCE

| Service | Was it affected? | Is there a patch? | Need to change password? | What did they say? |
|---|---|---|---|---|
| Amazon | No | No | No | "Amazon.com is not affected." |
| eBay | No | No | No | "eBay.com was never vulnerable to this bug because we were never running a vulnerable version of OpenSSL." |
| PayPal | No | No | No | "Your PayPal account details were not exposed in the past and remain secure." |
| Target | No | No | No | "[We] launched a comprehensive review of all external facing aspects of Target.com... and do not currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability." |
| Walmart | No | No | No | "We do not use that technology so we have not been impacted by this particular breach." |

BANKS AND BROKERAGES

| Service | Was it affected? | Is there a patch? | Need to change password? | What did they say? |
|---|---|---|---|---|
| CIBC | No | No | No | “CIBC’s Online and Mobile Banking services have not been affected by the Heartbleed issue.” |
| RBC | No | No | No | “Our websites have not been affected by the Heartbleed security bug.” |
| Scotiabank | No | No | No | “We are confident that online banking, mobile banking, and brokerage applications remain safe and secure and that our customers' information remains secure.” |
| TD Bank | No | No | No | "We're currently taking precautions and steps to protect customer data from this threat and have no reason to believe any customer data has been compromised in the past." |
| H&R Block | Unclear | No | Unclear | "We are reviewing our systems and currently have found no risk to client data from this issue." |

OTHER

| Service | Was it affected? | Is there a patch? | Need to change password? | What did they say? |
|---|---|---|---|---|
| Box | Yes | Yes | Yes | "We're currently working with our customers to proactively reset passwords and are also reissuing new SSL certificates for added protection." |
| Dropbox | Yes | Yes | Yes | "We’ve patched all of our user-facing services & will continue to work to make sure your stuff is always safe." |
| Evernote | No | No | No | "Evernote's service... all use non-OpenSSL implementations of SSL/TLS to encrypt network communications." |
| Netflix | Unclear | Unclear | Unclear | "Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact." |