Heartbleed for Business Owners (non-techies)

As you may have heard a security error potentially allowed hackers to get passwords for a large number of emails and websites. You don’t need to change all your passwords but you definitely should change some.* In almost all cases banks, credit cards and shopping sites weren’t using the login software with the error. AABC credit card was.  

Change your Passwords

Please change your password(s) following accounts: 

I’ve put instructions where I had accounts to change. If you can’t figure out where the password changing screen is (& some are really obscure) try doing an internet search on: the name of the service and ‘change password’. If you care to leave instructions for others in the comments I’m sure others would appreciate it.

  • Google (go to blue person in dot on top right, select account, select security, change password, log out everyone, log your mobile device in again)
  • Facebook (go to the downward triangle(carat) next the lock in the upper right corner, settings, edit next to password)
  • Netflix
  • GoDaddy
  • Amazon web services (if you store files in the cloud, etc; not the shopping site)
  • Pinterest
  • Tumblr
  • Yahoo
  • Dropbox (downward carat by your name in upper right corner; settings; security tab; change password)
  • Box
  • Etsy
  • Flickr
  • Minecraft
  • Youtube
  • Github
  • OKCupid
  • Dreamhost – may or may not be a problem, don’t change your password until next week.
  • Wunderlist
  • Soundcloud

 Passwords known to be OK (there is a longer list but these were the ones businesses care about)

  • Apple (iTunes, iPhones, etc)
  • Linked in
  • Microsoft (outlook)
  • AOL
  • Hotmail
  • GroupOn
  • PayPal
  • Twitter

Check Your Website

 If your website has a login you can check if it still has the vulnerability at http://tif.mcafee.com/heartbleedtest
This test does not tell you if it was vulnerable in the past. If you have any doubts just change your password.

 *Best case – no one other than the NSA figured out the hack before the people at Google did and nothing leaked; worst case – someone harvested tons of email, social media and non-financial login info and either uses it to change the password and contact info on some of your financial sites or uses it to post horrific pictures to your account to support their cause-of-the-day.