In short, a pretty major bug was found in the popular OpenSSL software library and its being called the worst security hole the internet has seen.
The OpenSSL library is used by a large number of websites to protect your transmission of data. Whenever you access a site using https (compared to http) or you see the security lock icon in your browser, you’re transmitting data over SSL. And until now, we've always known this transaction to be secure.
Well, that changed this week when this bug was announced and companies began patching their systems.
So, what does all this mean for you, the end-user? First off, there’s nothing you can do to fix the problem. That is up to all the companies that run the servers – they have to apply the necessary patches to each server to fix the bug. Furthermore, there’s no way to know if any of your information has been compromised.
Our strong recommendation is that you change passwords for any website that you log into. You’ll want to change your password AFTER you’ve verified the particular company has patched their systems.
Here’s a link that is keeping an up-to-date list of the top 100 sites and whether they’re affected and if they've installed the patch.
Some of the more popular sites that were affected include:
If you have accounts on any of these sites, please take a few minutes and update your passwords today as these sites have already applied the necessary patches.