How to tell if Heartbleed could have stolen your password and when its safe to change it!

If you’ve been reading the press you may have noticed recent articles about the Heartbleed virus which has been affecting “open source” https:// sites for about the last 2 years. While it is a concern its also important not to panic or change your passwords too soon.

For example out of 10,000 sites recently tested only 647 had been affected and bank sites (HSBC, Westpac, ANZ, Commonwealth, NAB, Bendigo etc.) are not affected. Websites that require a high level of security such as banks, share dealing sites etc. will be not be using the free “open source” version of https but specialised purchased security versions.

Most transacting sites will be testing themselves and will notify you to change your password if they suspect they’ve been breached – BUT this problem is also likely to spark a number of phantom emails to change your passwords. If you are requested to change your password by a site that you use regularly DON’T go to it from any link within the notification email especially if the email says you have to use their special link within the email! DO go to the website by entering the official organisation address manually into the address bar and change your password from within the official site.

For the moment we also advise that you don’t go to any Heartbleed checking sites that enable you to check if a website is affected.