When Heartbleed bug was uncovered affecting millions of users across the world, Internet users were reminded of the reality of how vulnerable and unsecured the Internet ecosystem is. Heartbleed's OpenSSL security flaw affected a whopping 66% of the entire Internet during the time of its discovery. In addition, the bug also compromised the usernames and passwords on innumerable popular websites and services. The recent news is that, the Heartbleed bug also affected Android Apps in Google Play Store.
Big corporates were the first ones to address the vulnerability by applying required security patches and requested their users to change their passwords to their sites. It is worth noting that, Heartbleed bug was found two years after it started spreading across the Internet space. In reality, the attackers might have exploited this flaw long back and there is a good possibility that login details of various sites and services were compromised earlier on.
How to Find-Out if an Account Was Hacked?
According to reports, not all the websites and services have applied security patch. This means, we are still vulnerable to such attacks online. In order to check if any of your online accounts have been hacked because of Heartbleed bug, there are free websites that would do the job in a matter of clicks. The process is quite simple and easy to test.
Adam Tanner from Forbes has come up with a list of three effective websites that will let the users know if their accounts have been hacked.
1. The Web site haveibeenpwned.com allows users to enter their email address to see if hackers have compromised the mail id or the associated accounts.
2. One other Web site PwnedList.com can be used to check if the email and the associated accounts have been hacked. In addition to telling if the account is hacked, this Web site also provides the date of the attack.
3. Another Web site Shouldichangemypassword.com works in the similar way like the websites listed above.
It is worth noting that, all the websites mentioned above are free and they also have an option that would let the Web site to notify the users directly if the same email address is compromised again in future.
According to Steve Thomas, a co-founder of PwnedList, "The site learns of about a dozen different data leaks each day, where 100,000 to 500,000 accounts/services are compromised. "
If an Account was Hacked, What is the Next Step?
As a rule of thumb, change the account password immediately. It is worth noting that, having a password management tool always works in such situations.
Interested users can try 1Password password management tool. This password manager keeps track of users' passwords for various accounts & services; it also features auto-fill, password generator, credit card support, and secure notes, among others.
LastPass for Android is another password management tool which is very sophisticated and useful.