You’ve probably heard about the Heartbleed Bug – the security flaw making international headlines as websites scramble for a fix and daily internet users are left with a barrage of questions. Here’s what you need to know.

WHAT IS IT?

Heartbleed is, simply put, a mistake. It’s not a virus and it was not created with malicious intent. Two years ago, a programmer left an unintentional hole buried in the code of the OpenSSL software that is intended to encrypt and protect user data on nearly two-thirds of all websites on the internet. To a hacker, this hole is a potential open doorway to access virtually any user data on a vulnerable website including user names and passwords, account information and online communication.

WHY DO I CARE?

With OpenSSL being so widely used, it’s nearly impossible for a web user to not have had any access to an affected site in the past two years. While there is no indication hackers had known about this issue prior to it becoming public last week, as companies around the web are applying a fix to their sites, they are recommending their users update passwords as a precautionary measure.

WHAT DO I DO NOW?

Check out the sites you use and see if they have issued a statement on the status of their site security. If they were vulnerable but have patched the issue, update your password immediately. Here are two online sites that allow you to enter the URL of a website to see if it is or has been vulnerable.

Check out: https://filippo.io/Heartbleed/ or https://www.ssllabs.com/ssltest/index.html

If a site is still vulnerable, it is necessary to wait until the bug has been fixed, otherwise changing your password will have no affect on the security of your information.