LUpus Patients Understanding and Support

Heartbleed Security Flaw

"A major online security flaw called Heartbleed was recently discovered by a researcher at Google and a Finnish security firm called Codenomicon. Though you may have already heard about it from one of the major news organisations like the NYTimes that have been covering this since last night, we wanted to get in touch with you as well.

This issue is a flaw in OpenSSL, which is the encryption technology that two thirds of the websites, including HealthUnlocked, use. We immediately released a patch to fix this issue and for added measure this morning we logged out every member of HealthUnlocked to make everyone log in again.

Though the risk is very minimal, there is a chance that some of your personal information, like your password, in one of your online accounts may have been affected. As a consequence, we strongly recommend that you do the following:

1. log out of websites where you selected 'keep me logged in' & log in again

2. update all your passwords."


1) Log out and log back in to any site where you stay logged in

2) Change your Internet passwords as each site informs you that they've fixed this security problem

- Update your HealthUnlocked password NOW - they've patched their servers

3) For at least the next week, keep an eye on any of your sensitive online accounts (banking, webmail) for suspicious activity. (Thanks for that tip, Chris)

4) Further to (2) above, in a few weeks' time change your passwords AT LEAST on all sites where you've previously provided sensitive information.

Three tips to create a strong password

More on Heartbleed

The Australian - excellent article

Note that Facebook, Google (YouTube, Gmail, etc) and Yahoo (Yahoo services, Flickr, Tumblr) are already patched, so you should update your passwords for these sites if you use them.

New York Times article

Yahoo Tech - from Chris's post. A bit more about the technical side of things for those interested.

Note well: You will NOT be protected from Heartbleed even if you have applied all security updates to your operating system and the programs you use on your computer/tablet/smartphone, etc and are using an updated virus protection application. The security vulnerability is on the server end of the connection - not your end.