
Posted: 4:04 p.m. Monday, April 14, 2014

The Heartbleed Data Breaches: Clark’s Advice

What you need (and don't need) to do right now




By Clark Howard

ClarkHoward.com


Don’t panic. But don’t tune out and let the apathy virus shut you down either. You can protect yourself from harm with a couple of simple steps. 

Heartbleed is a software bug that allowed criminals to exploit encrypted data and even “secure” financial sites. This huge breach makes it possible for scammers to have a field day with your personal info. You’ll hear lots of advice to change all your usernames and passwords using combinations of complex hieroglyphics, but that is a bit extreme and perhaps unnecessary.

So what should you do? First, check your email. Most reputable sites have been proactive about emailing their customers to advise them of the hit and to let them know it’s now time to change their passwords. (If you change your password before the site has repaired the bug, you may have to go back and change it once again.) However, as a precaution against scammers who are sending fake emails to take advantage of unsuspecting users, please log in directly on the website itself to change your password. Don't rely on links within emails.

If you didn’t receive an email from the website, the reputable technology blog Mashable has put together The Heartbleed Hit List: The Passwords You Need to Change Right Now. If a site you use appears on this list, go to the website and change your password immediately. If a site is listed as "unaffected," you don't need to do anything right now. You can also check CNET's list of affected/repaired websites.

Concerned about other sites you use regularly? You can type a website address into this tool to check whether it's safe to go back in and change your password: https://www.ssllabs.com/ssltest/index.html

This is a good time to change your password on all your financial sites, as well as your email accounts. But this should be done as a matter of course 2-3 times a year, even under normal circumstances.

You may also want to consider software programs (such as Dashlane, LastPass, PasswordBox and others) to manage your passwords. Several of these are free to use, operating under the “freemium” model.

And here’s a special word to business owners: Buy a dedicated computer for business transactions, and never use this computer to surf, shop or email. Use this computer only for banking, because under the law, a business has no protection without “due care.” And using a general-use computer for banking could disqualify you.

For further information:
Heartbleed bug, Windows XP require your attention
#AskJeffTech - What's the best password manager?
