The Heartbleed bug ( Biggest Data Breach ), a bug in OpenSSL cryptographic software library, has left billions of users vulnerable to sensitive information leak including those information that were perceived to be secure as they were shared with large, popular and relatively secure companies such as Google, Microsoft, Yahoo and etc. The systems have been vulnerable to Heartbleed bug for approximately two years and anyone who had the information about the bug could have got access to all the data without leaving any trace at all. Many service providers such as Google and Tumblr have already provided the patch but are requesting users to change their passwords as there is no credible way to sort out which data has been breached and which has not been compromised.
In this case it’s better to change your password anyway but if you are suspicious if your email address is safe or not or has been breached or not then there are few options for you to find that out. Websites like haveibeenpwned.com, PwnedList and Shouldichangemypassword.com allow you to find that out by entering your email. PwnedList and Shouldichangemypassword.com will also tell you about the date also when your email address had been compromised by hackers. All these websites are free to use. Be aware, that the database of these services is incomplete, ever increasing and not entirely reliable. The reason for this is that all these services gather information when it is shared by hackers. They hang around different hacking websites and when some information is shared by a hacker or by a hacking network then they update their databases. “Once we join those we get access to everything that is getting passed around,” says Steve Thomas, the co-founder of PwnedList. “Primary hackers will say ‘I just broke into XYZ company, here is their user list.’”
Since breaches made through Heartbleed bug are not traceable thus it will take a long time to estimate the number and details of the hacked accounts. PwnedList is preparing itself for the worst and is upgrading its database capability as mentioned by Thomas.
“If this issue isn’t fixed immediately at all companies (which it won’t be), then we can expect to see a large number of breaches and leaks enabled by this vulnerability.”
“We are preparing our database for a rapid increase in the number of compromised credentials, which Heartbleed will certainly contribute to.”
All information that is shared on these hacking networks by hackers is not correct. That is why when companies are informed about a breach, they are reluctant to share proper information with the affected customers.“People, sort of rightly say, ‘Wait, hang on a second, why didn’t these guys tell me?’” said, Troy Hunt, the man behind haveibeenpwned.com. “What surprises me a little about it is when there is a compromise, the company that is being compromised is in the best position of all to say whether it is legitimate or not. The vacuum of information from companies that are alleged to have been compromised is not a healthy thing.”
Hunt suggests using strong unmemorable passwords for each account and use a secure password manager to keep track of all of them.