Subscribe To Our Blog

Email Updates
To sign up for updates or to access your subscriber preferences, please enter your contact information below.

Tuesday, April 15, 2014

Heartbleed Bug - Steps to Take

As you are well aware of by now, an OpenSSL vulnerability called "Heartbleed" was recently discovered that can potentially impact internet communications and transmissions that were otherwise intended to be encrypted.

Many websites have already begun issuing patches and have information posted on their websites addressing the vulnerability and a plan of action. For example,  Google, Facebook, and Yahoo implemented patches to fix the vulnerability.

Even though websites are addressing the problem, consumers should still use caution until the vulnerability has been fully addressed.

Steps to Take:
  • Change Passwords after the Vulnerability Has Been Fixed
    Changing passwords is strongly recommended, but only after the vulnerability has been fully addressed. Changing passwords before the vulnerability is fixed could still leave consumers vulnerable. If you have questions whether or not the vulnerability has been addressed for a specific website, check the website for an update or contact the company directly.
  • Stay Tuned for Updates
    Closely monitor your email for updates from websites you frequently login to. Many websites are emailing their customers regarding their breach and/or posting information to their website. If you need to change your password, they should inform you.
DFI is working with the financial institutions that we regulate to assist them in implementing patches for the bug.