Home > 2014 > Identity Theft > Why You Need to Change All of Your Passwords… Eventually

Why You Need to Change All of Your Passwords… Eventually

Advertiser Disclosure Comments 1 Comment

You know that little padlock you see in the corner of your web browser, the one that says you have a secure Internet connection? It pops up when you visit sites like Twitter, Facebook, Gmail, Yahoo, your bank — it’s almost everywhere. Turns out the connection wasn’t as secure as that little icon would indicate.

A bug in popular encryption software called OpenSSL opened the door for hackers to see everything you typed into a secure field on websites using it during the past two years. What do people type into secure websites? Lots of things: credit card information, Social Security numbers, social media posts. Just think about how many emails you send each week. Yeah, it’s as bad as it sounds.

Independent researchers at Codenomicon and Google Security discovered the vulnerability, which impacts about two-thirds of websites, and a fix has already been released (though it’s still being integrated by individual companies). Still, that’s a massive portion of Internet traffic, especially considering this hole has existed for a long time.

I’m not going to go into server communication and how the software works, but it’s important to know how this affects you.

1. There’s Nothing You Could Have Done

Taking measures to protect your sensitive information (i.e. using strong passwords) should always be a high priority for consumers. But in this case, that wouldn’t have helped.

“You could have the best passwords on the planet,” said Adam Levin, chairman and co-founder of Credit.com and Identity Theft 911, “and yet, it could have been discovered by someone, just because they were watching.”

2. We Don’t Know If Information Was Compromised

The existence of the bug has been confirmed, but there’s no way of knowing if anyone exploited it. It’s not traceable, either. Basically, anything you entered into a site using OpenSSL may or may not have been compromised.

3. Control What You Can

There could be a lot of sensitive information in the hands of people who eavesdropped on your communication with sites protected by OpenSSL, and there’s a possibility that can be used fraudulently in the future.

You need to watch out for that. Check your bank accounts regularly for unauthorized purchases, review your credit reports to make sure no one has misused your personal information, and regularly check your credit score for sudden changes — you can check two of your credit scores for free every month on Credit.com.

“You really should change your passwords,” Levin said, “because it’s almost like playing Russian Roulette — you don’t know every site that was vulnerable.”

Resetting your passwords may be a pain, but at least you’ll cut off access to your information by rendering any stolen passwords invalid. Just make sure to wait until the security update is released on the site for which you’re changing the password. Until then, monitor your accounts closely for any issues.

More on Identity Theft:

Image: IPGGutenbergUKLtd

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

  • http://www.credit.com/ Credit.com Credit Experts

    If you are referring specifically to Heartbleed, Lastpass has set up a site that has a tool for checking. You can find it here:

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.