For Your Immediate Attention: Heartbleed - what you should do to stay safe from this major online security flaw

A major online security flaw called Heartbleed was recently discovered by a researcher at Google and a Finnish security firm called Codenomicon. Though you may have already heard about it from one of the major news organisations who have been covering this since last night, we wanted to get in touch with you as well.

This issue is a flaw in OpenSSL, which is the encryption technology that two thirds of the websites, including HealthUnlocked, use. The HealthUnlocked team immediately released a patch to fix this issue and for added measure they logged out every member of HealthUnlocked to make everyone login again.

Though the risk is very minimal, there is a chance that some of your personal information, like your password, in one of your online accounts may have been affected. As a consequence, we strongly recommend that you do the following:

1. log out of websites where you selected 'keep me logged in' & login again

2. update all your passwords

You may find HealthUnlocked's article, "Three tips to create a strong password" helpful. You can read it at;

blog.healthunlocked.com/pos...

9 Replies

oldestnewest
  • Thanks for that Paul

  • Many thanks.

  • Not heard anything about that but thank you for letting us know...

  • I have not seen anything about this although I did have to log in the other day half way through a post

  • Thanks for this Paul, I wondered why I'd been logged out.

  • This security flaw is *2* years old! The advice given by security experts on Tuesday / Wednesday was DON'T rush to change your passwords - (the typical reaction to a security breach) – because it could make the problem worse if the web server hasn't been updated to fix the flaw. It could even increase the chance of somebody getting the new password through the vulnerability because logging in to an insecure server to change a password could reveal both the old and new passwords to an attacker. However by today fixes surely should be in place. Users can check whether a specific site remains vulnerable to Heartbleed with a tool put together by developer Filippo Valsorda - filippo.io/Heartbleed/

  • Thank you x

  • Thank you Paul.

  • Thanks

You may also like...