Serval Systems Ltd Blog

Heartbleed Bug – How to Recover if you Got Hacked

Last week it was revealed that there was a bug in the encryption software OpenSSL putting you and your business’ private information at risk of being hacked.

The Heartbeat Extension was introduced into OpenSSL on December 31, 2011; little did the developers know that they would be implementing the Internet’s biggest security threat, the Heartbleed bug, into the source code. OpenSSL is responsible for protecting thousands of websites, including internet giants such as YouTube, Google, Tumblr and Yahoo, but the bug wasn’t discovered and reported until 7th April 2014. It is unclear how long potential attackers were aware of the bug and the extent to which it has been exploited.

Routers, firewalls and switches have all been affected by the hack. Therefore when you are on websites either on your desktop, mobile or other devices the data exchanged between you and the website could be accessed including passwords, users’ session cookies, private keys and other personal information.

Two Recovery Actions to Take:

1. Check if your website is affected by Heartbleed

If you have a secure website (a padlock displays in your browser) then your web developer or hosting personnel should analyse which encryption you use and by putting your website’s address in the Heartbleed checker.

If your website has been compromised by Heartbleed it is important you update it with the latest version of OpenSSL, which is free from the Heartbleed bug, immediately.

2. Check if the websites you use have been compromised

There is a high chance that you use one of the 500,000 websites that have been compromised by Heartbleed. It is advised to change your passwords on these websites, especially the ones you regularly use. However, only change your passwords once the site has been fixed (using the Heartbleed checker) otherwise you are putting your new password at risk. The safest way is to make your passwords strong and different on each website.

Tip: not all hacks are common knowledge, or at least straight away, so it is important to check your website and personal accounts e.g. online banking, email, social media profiles etc, and investigate if you notice anything suspicious or out of the ordinary.

Find out more about how to keep your business secure and protected from potential risks in the future. Simply call Serval Systems on 0843 636 6700

This entry was posted on Tuesday, April 22nd, 2014 at 2:48 pm and is filed under Fresh News, News, Top IT Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply