It has recently been discovered that OpenSSL, a popular encryption technology that 2/3 of websites use, is vulnerable to a bug dubbed the Heartbleed bug. If not properly patched, these sites are open to malicious attacks, meaning your passwords and personal data may have been stolen or compromised. A significant number of websites are affected: bank and investment sites, online retailers, airlines, social media like Facebook, Pinterest, Instagram, Gmail, Yahoo Mail, etc.

There’s been a lot of confusion and miscommunication regarding what to do about this bug. A lot of major news providers suggested changing passwords right away even when, in some cases, it was not appropriate, either because a website was NOT affected or because it was premature: changing your password too soon won’t help, because your new password could be jeopardized while the owners of the site get around to fixing the issue.

Here’s what you should do.

#1. Assume the worst: take inventory of all sites you’ve used in the past that might be affected. I have a client, for example, who jotted down all sites she used in the last year or more that required a logon/password, like CitiBank, Bank of America, Fidelity, Disney, Amazon, KLM and Delta Airlines, Facebook, Twitter, Gmail, Yahoo-Mail, etc.

#2. Use this site to check whether the websites you listed in step #1 are affected, whether an affected site has been repaired, and, for a repaired site, what advice to consider regarding changing your password.

#3. If you can’t find the website you’re researching, you should call or email customer service for that company. For example, if you can’t find the KLM Airlines site klm.com using the site checker in step #2, you should call or email customer support at KLM as soon as possible to determine what to do.