I'm not going to pretend I understand what Heartbleed actually does or how it does it. Suffice it to say that it is scary and it almost certainly affects you. Netcraft estimates that only about 17.5% of servers worldwide were affected, but chances are a site you visit and transfer personally identifiable data to was in that 17.5%. Here's a partial list:
- Yahoo Mail
As you can see, those are some pretty major sites. You've probably got an account on at least one of them.
Is it time to panic? Probably not. All these sites have already taken the necessary steps to correct the Heartbleed problem. What you should do is change your password for every site that you have, though, using the strongest passwords possible. It also may be time to close and delete some accounts, too. If you haven't needed to log in to a site in 9 months, you probably don't an account on that site. It's April and a little spring cleaning of your digital footprint is never a bad idea.
For those of you who would like to get your geek on and read a more in-depth article describing what Heartbleed is and how it works, check out "Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug" by Chris Williams.