In April of this year a security hole called Heartbleed was revealed as one of the largest of its kind in history. The vast majority of websites on the internet were left open to this bug, only being patched after many, many years of being left open for any hacker to take advantage of. Now - even two months after its discovery, well over 300,000 web servers are still unpatched.
Being "unpatched" for Heartbleed means a website is vulnerable to hackers that know how to take advantage of said bug. Near the end of April we discovered that Chrome, Google’s own web browser and one of the most popular web browsers on earth, still trusted Heartbleed-vulnerable websites en masse. Heartbleed is still out there.
It’s according to security researcher Robert Graham with Errata Security that we’ve still got to watch out for 300k websites even two months after the initial incident. These numbers - rough as they are - show that while systems are being patched, we’re still nowhere near worldwide safety coverage.
What's to be done?
You can check websites you visit on the regular with three simple steps that end with you changing your password, as well. It’s not necessarily enough that you change your passwords right off the bat - if your favorite website is still affected by Heartbleed, it’ll make no difference whether you change your password or not.