The Heartbleed software bug left the door wide open to exploit OpenSSL.
Heartbleed is a software bug that was discovered in the open-source implementation of Transport Layer Security (TLS) and Secure Socket Layer (SSL), OpenSSL. OpenSSL is an open-source security system that assisted in the security of websites – one method involving public-key cryptography. The bug allows those with the expertise to access memory from servers and terminals that can lead to gaining access to sensitive information, such as account details and encryption keys.
Among the websites affected by the software bug are some of the most visited websites worldwide – including; Yahoo, Imgur, Google, Gmail, OkCupid and Tumblr. These sites have since been confirmed to be secure and appear to be safe to use. Blogging service Tumblr is just one of the affected websites to recommend that users now change their passwords to ensure accounts are made secure once again.
If you’re worried about your account security then you should conduct some research to ensure that websites you use have become secure once again before changing passwords – if they have not yet updated then making changes is pointless as they are still vulnerable. LastPass is a website that allows you to check if a website you use was vulnerable at any point and if they are now secure.
The Tor Project announced the Heartbleed bug on their blog on the 7th April and advised those seeking anonymity and privacy on the internet to:
you might want to stay away from the Internet entirely for the next few days while things settle.
Tor systems were also affected, causing potential lapses in privacy and anonymity in aystem which is widely considered to be the most secure and private in existence. Advice for users and developers alike is included on their most recent blog post.