But it hasn’t always been clear which sites have been affected. Mashable reached out some of the most popular social, email, banking and commerce sites on the web. We’ve rounded up their responses below.
Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you’ll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn’t already compromised, but there’s also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.
Although changing your password regularly is always good practice, if a site or service hasn’t yet patched the problem, your information will still be vulnerable.
Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you’ll need to change the password everywhere. It’s not a good idea to use the same password across multiple sites, anyway.
|Was it affected?||Is there a patch?||Do you need to change your password?||What did they say?|
|Unclear||Yes||Yes Yes||“We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to … set up a unique password.”|
|Yes||Yes||Yes Yes||“Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed. But because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites.”|
|No||No||No||“We didn’t use the offending implementation of OpenSSL in http://www.linkedin.com or http://www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties.”|
|Yes||Yes||Yes Yes||“We fixed the issue on Pinterest.com, and didn’t find any evidence of mischief. To be extra careful, we e-mailed Pinners who may have been impacted, and encouraged them to change their passwords.”|
|Tumblr||Yes||Yes||Yes Yes||“We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.”|
|No||Yes||Unclear||Twitter wrote that OpenSSL “is widely used across the internet and at Twitter. We were able to determine that [our] servers were not affected by this vulnerability. We are continuing to monitor the situation.” While reiterating that they were unaffected, Twitter told Mashable that they did apply a patch.|