When stores like Neiman Marcus and Michaels, or even a superstore like Target, fess up about a data-security breach, it can be easy to dismiss if you don’t shop there. But when news broke Monday about a flaw in the security tool used by a large swath of the Internet, consumers were alarmed by how close this latest breach hit home -- or rather their home page, as the websites affected included Google, Facebook, Yahoo and Amazon.
The bug called Heartbleed -- a vulnerability that was discovered by the researchers in Finland and at Google last week -- exploits a hole in OpenSSL, a software tool used to encrypt messages and other data transmitted online. (SSL technology is marked in the address bar of your web browser by either a closed padlock or “https://” and is used by much of the internet.) How much of the internet? It’s estimated that two-thirds of all active websites could have been affected, and while many companies hurried Tuesday to fix their sites, any data stored there was potentially exposed to cyber criminals.
It is believed this latest data breach could potentially puts tens of millions of consumers’ credit card, banking, email, social media and other online passwords and usernames at risk of hacking. And while much of the media is focused on the bigger picture about whether any data is really safe online, let's focus on the current situation: protecting your personal information.
Here are some steps to take to better protect yourself and your personal information.
Come up with new passwords -- but maybe don’t change them right away. The first instinct is go and reset the passwords for all the websites you visit. But if you do -- and a website hasn’t yet fixed the flaw -- your new password could be compromised as well and you’re no safer than before. Contact your online provider and bank and monitor the news and social media to see whether the websites you use have fixed the bug. (Many major Web services have already done so.) You can also run a “Heartbleed test” at Filippo or Qualys to see if a site is now safe.
Make sure you’re not using the same password among many different accounts. Stories abound of how a hacker gaining access to one password for one account allowed him to just about take over and destroy someone’s digital life. Now more than ever, you should be vigilant about your passwords. They should be long and complex and should be unique to each website you frequent. Sites such as How Secure Is My Password will tell you just how long it would take a program to crack a password. Of course, as the site itself advises, “This site could be stealing your password … it’s not, but it easily could be. Be careful where you type your password.” Instead, enter a password similar in length and complexity to see how vulnerable yours might be.
Keep an eye on your accounts. Check your bank, social media and other online accounts for any suspicious activity. If you see anything out of the ordinary, report it as soon as possible.
Continue to check your credit report three times a year. You can access your credit reports from each of the three major credit reporting bureaus -- Equifax, Experian and TransUnion -- for free each year at AnnualCreditReport.com. By requesting one report at a time every few months, you can space out your free access over the whole year.