A massive security flaw called Heartbleed has put millions of Internet users at risk for the past two years. Some experts are calling it the most dangerous bug online. Usernames and passwords and possibly credit card information may have been intercepted on what are supposed to be secure websites.
The bug causes a vulnerability in the OpenSSL cryptographic library, which is used on servers to scramble sensitive information to protect people's privacy. Two-thirds of all websites use OpenSSL, including major banks and social network sites.
At this point, there's not much users can do to remedy the situation. "It's the companies and the service providers that really need to go out there and make sure its services are patched correctly and not vulnerable to this "Heartbleed" bug," said Jeremy Rosenberg, head of digital at Allison & Partners.
Until then, Rosenberg said users should be looking to see if they have anything coming in from the services or the websites they've been using. "It's going to be the responsibility of those services to communicate with their users to let them if they have that vulnerability," Rosenberg said.
He adds that passwords should not be changed before receiving communication from the company itself that the service has been patched. Changing your password before receiving notice about a fixed service may only reveal your new password to an attacker.
As usual when protecting yourself online, Rosenberg said, users should vary their passwords, watch for service updates and to always keep an eye on credit card statements and credit scores.
By Christina Medici Scolaro