Heartbleed is a bug in the open-source cryptography library Open SSL which allows attackers to read the memory of servers which use Open SSL. The bug is considered as the biggest
threat since the internet was invented, as it affects many popular social networks and online services like Facebook, Google, Dropbox, and more to be listed below.
What caused the heartbleed? On April 7, 2014, it was announced that OpenSSL 1.0.2 beta, as well as all versions of OpenSSL in the 1.0.1 series except 1.0.1g had a severe memory handling bug in their implementation of the TLS Heartbeat Extension. This defect could be used to reveal up to 64 kilobytes of the application’s memory with every heartbeat.
|Status||Recommended action according to the service providers’ responds|
|Affected||“We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to … set up a unique password.”|
|Not affected||No action required|
|Gmail||Affected||“We have assessed the SSL vulnerability and applied patches to key Google services.”*Google said users do not need to change their passwords, but because of the previous vulnerability, better safe than sorry.|
|Paypal||Not affected||“Your PayPal account details were not exposed in the past and remain secure.”|
|Not affected||“We didn’t use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties.”|
|tumblr||Affected||“We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.”|
|Amazon||Not affected||Nothing required – no statement|
|Dropbox||Affected||“We’ve patched all of our user-facing services & will continue to work to make sure your stuff is always safe.”|
|SoundCloud||Affected||“We will be signing out everyone from their SoundCloud accounts … and when you sign back in, the fixes we’ve already put in place will take effect.”|
|Wunderlist||Affected||“You’ll have to simply log back into Wunderlist. We also strongly recommend that you reset your password for Wunderlist.”|
|Yahoo||Affected||“As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.”|
|Microsoft||Not Affected||Nothing from your side|
Up till this moment 22:21:31, 2014-04-10, we didn’t detect any complaint from any individual or corporation around the world reporting any infringement to their passwords caused by the heartbleed – We will capture any thing for you as it happens – keep an eye on Digital Boom.
In the meanwhile, to stay safe, we recommend to change all important services’ passwords in order to maintain your privacy and keep things organized.