heartbleed-affected-websites

As I said in an earlier post, Heartbleed, an OpenSSL vulnerability, affected over half of the internet's websites.

Now come the most important questions: Should I change my password? What websites were affected?

The most affected websites are the social networks, the search engines and the email providers. Below you’ll find a list of websites that were affected by the OpenSSL Heartbleed vulnerability. We recommend that you change your passwords on the following websites.

1. Facebook

We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to … set up a unique password

2. Google

We have assessed the SSL vulnerability and applied patches to key Google services.

3. Instagram

Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed. But because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites.

4. Pinterest

We fixed the issue on Pinterest.com, and didn’t find any evidence of mischief. To be extra careful, we e-mailed Pinners who may have been impacted, and encouraged them to change their passwords.

5. Tumblr

We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.

6. Yahoo

As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.

7. Etsy

Etsy’s team of security and operation engineers have the important job of keeping you and your information safe when you visit Etsy. We work behind the scenes to prevent vulnerabilities, and to fix, or “patch”, known bugs and issues when they arise.

8. GoDaddy

We’ve been updating GoDaddy services that use the affected OpenSSL version.

9. Flickr

As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.

10. Minecraft

We were forced to temporarily suspend all of our services. The exploit has been fixed. We can not guarantee that your information wasn’t compromised.

11. Netflix

Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. It’s a good practice to change passwords from time to time, now would be a good time to think about doing so.

12. Soundcloud

Due to the ‘Heartbleed’ security vulnerability, we’ll be signing everyone out of their accounts. Please check that you know your sign-in details, you’ll need them to access your account. Find out more on our blog.

13. Youtube and Gmail

We have assessed the SSL vulnerability and applied patches to key Google services.

14. USAA

Already taken measures to help prevent a data breach and implemented a patch earlier this week.

15. Box

We’re currently working with our customers to proactively reset passwords and are also reissuing new SSL certificates for added protection.

16. Dropbox

We’ve patched all of our user-facing services & will continue to work to make sure your stuff is always safe

17. Github

All browser sessions that were active prior to the vulnerability being addressed have been reset.

18. Okcupid

We, like most of the Internet, were stunned that such a serious bug has existed for so long and was so widespread.

19. Wunderlist

You’ll have to simply log back into Wunderlist. We also strongly recommend that you reset your password for Wunderlist.

20. Cloudflare

You’re protected from the Heartbleed vulnerability because you have CloudFlare turned on for your website. We fixed the flaw on March 31 for all CloudFlare customers, a week before it was publicly announced.

21. 101 domain

101domain is very confident that, due to the nature of the vulnerability, none of our client accounts have been compromised. We immediately took the steps required to fix the vulnerability across our global network. However, again due to the nature of the vulnerability, we cannot confirm nor deny this fact with absolute certainty. In light of 101domain’s security-first focus, using modular access and strict verification processes, and after rigorous analysis and testing, we have determined that although there may be only a very slight chance that anyone has gotten even as much as your login and password, that would be at the extreme end of your exposure.

Considering all this, and as a generally good thing to do, 101domain recommends that you log into your 101domain account and change your password as soon as feasibly possible.

22. Prezi

We want to assure you that Prezi took immediate and proactive steps to patch this security hole and has successfully eliminated any risk of unauthorized access to your account.
For your protection, we’ve logged you out of your Prezi account. Once logged back in using your current password, we strongly suggest you change your password using the instructions here. It’s a good idea to regularly change your passwords anyway, not just for Prezi but for all the sites you frequent.

You can check if your server is vulnerable to the Heartbleed bug on these websites: http://filippo.io/Heartbleed/ and https://www.ssllabs.com/ssltest/

You can generate strong passwords on these websites: http://strongpasswordgenerator.com/, http://passwordsgenerator.net/ and http://www.strongpasswordgenerator.org/.

If you know of other websites that were vulnerable to the Heartbleed bug (and they admit it on their blog/website), just send us their URL and we will update this list.