Vulnerable websites include those you frequent on a regular basis, such as your favorite social networks, online retailers and even those run by the government. High-traffic sites like Yahoo were, and still may be, running outdated versions of the encryption system. These outdated encryption systems could mean your usernames, passwords or other sensitive information are no longer secure. The Heartbleed Bug, the name of this flaw in the OpenSSL encryption software, allows anyone on the internet to read the memory of the systems protected by this software – enabling attackers to eavesdrop on communications, steal data directly from users and impersonate users. Because so many websites use this form of OpenSSL encryption, there is a high probability that your usernames, passwords or other sensitive information have been exposed.
To protect yourself, you should wait a few days for website owners to update their system encryption and then change all your passwords. If a website hasn’t been updated yet, any new password you enter could still be susceptible. You might be notified by website owners to change your password within the next couple days. If so, change your password at that time. It’s important that you do not change your password on a website that is still vulnerable. Please keep in mind that The Heartbleed Bug has put two-thirds of the web at risk. Even if you don’t believe the websites you visit were affected, it is a good idea to change your passwords just in case. Again, UHCU’s website and Online Banking system are not directly impacted by this form of encryption vulnerability.
More Helpful Information about the Heartbleed BugThe Heartbleed Bug - Official Site
Giant Web Vulnerability Brings Indirect Risk to Digital Banking - American Banker
Heartbleed Bug: What You Need to Know - Bank Info Security
What You Need to Know about Heartbleed - ReadWrite
In an effort to prevent fraud and identity theft, United Heritage Credit Union seeks to inform its members of major security breaches that potentially compromise personal information. If you believe you are a victim of fraud or have questions regarding suspicious account activity, please contact United Heritage at 512.435.4545, 903.597.7484 or 800.531.2328.