Do you have an account on a website?
If so, then you probably need to change your password.
On which site, you ask? Well, all of them.
As modern-day college students, it’s pretty much required that we use some form of the Internet. Even if you’ve refrained from making accounts on time-drains like Facebook and Tumblr, you’ve got at least one email account to your name. The Internet is how we check our class grades and apply for graduation, keep track of friends and family, find jobs and spend our free time. It lives in our pockets, on our desks, even on our wrists and eyes. There’s just no escaping it.
Which is why Heartbleed caused such a panic when its discovery made tech headlines earlier this week. Heartbleed is a bug that takes advantage of a security flaw in software used by many popular “secure” websites, snatching up sensitive account information like passwords and usernames. With your account login information, whoever is behind Heartbleed might have access to your email, personal details and even financial information like credit card accounts. What’s even worse? This thing has been running silently through the Internet for about two years.
What’s equally scary as the fact that this thing has been running undetected that long is that, as Internet users, there was really nothing we could do to prevent it taking our information. The security flaw exists within the hosting servers of websites, not within our own hardware and software. The anti-virus and anti-malware software you should have installed on your devices couldn’t detect it, because it just wasn’t there.
If you’ve used Yahoo, Tumblr, Facebook, Dropbox, Etsy, Google, Netflix, YouTube or a variety of other sites over the past two years, there’s a high chance your info’s been compromised. Every tech advice article out there about Heartbleed recommends that users of Yahoo, Flickr and Tumblr change their passwords immediately. Those three sites are confirmed to have been attacked by Heartbleed, and they’ve already fixed their servers to combat it, so you’re safe to change the passwords.
However, dozens of other sites “possiblies” and “maybes.” We just don’t know. If you want to be completely certain, change every password on every major site you’ve ever signed into, even if they’re on the list of “maybe not affected.” But only change them once those sites have confirmed they’ve fixed the problem. Tech sources like CNET have provided lists of popular sites and if they have patched the problem, haven’t responded yet or weren’t vulnerable to Heartbleed in the first place. And even if a site you use is on the “non-vulnerable” list, such as Amazon and Apple, still consider changing your password. The majority of Internet users reuse the same password on multiple sites.
We college students are no exception. We’ve got enough to memorize and worry about without having different passwords for every single site we log in to. Unfortunately, with this bug, that might end up biting us. With how long Heartbleed has flown under the radar, there’s a high chance there are more out there, mining website servers for account information that might help people steal your information, your money and your privacy. Maybe following common advice and having a separate, unrelated password for each account we use is an inconvenience we’re going to have to learn to embrace.