Skip to main content

Here’s a list of websites allegedly affected by the Heartbleed bug (updated)

heres a list of websites allegedly affected by the heartbleed bug bleeding heart
Image used with permission by copyright holder

Update: 4/10/14 10:52 am EST: Here’s another list of 512 sites that are labeled as “Vulnerable,” according to a Github user. They were scanned at 4/9/14 14:00 UTC, and are reportedly among the 10,000 most popular sites on the Internet, according to Alexa, an Internet analytics firm. You can download the full list here, though you’ll need a program like WinRAR to open it, which you can grab here (don’t worry, the program is free to use). Among the notable sites on this list are Toshiba.com, dailycaller.com, and escapist magazine.com. This list also includes websites with Russian, Indian, Australian, and other non-U.S. domains.

Update: 4/10/14 3:01 pm EST: These websites and services were either once vulnerable, or suspected to be susceptible to the Heartbleed bug, but have reportedly been patched since and are now safe to use. We still advise that you exercise caution though.

  1. Facebook
  2. Instagram
  3. Pinterest
  4. Tumblr
  5. Twitter
  6. Google
  7. Yahoo
  8. Gmail
  9. Yahoo Mail
  10. GoDaddy
  11. Intuit Turbo Tax
  12. Dropbox
  13. Minecraft
  14. OkCupid

Now, for the other side of the coin. At this point, according to the original Github list we found, these are among the most prominent, recognizable, and popular websites that are allegedly not affected by the Heartbleed OpenSSL encryption bug.

  1. Google.com is not vulnerable to Heartbleed.
  2. Chase.com is not vulnerable to Heartbleed.
  3. BankofAmerica.com is not vulnerable to Heartbleed.
  4. WellsFargo.com is not vulnerable to Heartbleed.
  5. Facebook.com is not vulnerable to Heartbleed.
  6. YouTube.com is not vulnerable to Heartbleed.
  7. Baidu.com is not vulnerable to Heartbleed.
  8. Wikipedia.org is not vulnerable to Heartbleed.
  9. Twitter.com is not vulnerable to Heartbleed.
  10. Amazon.com is not vulnerable to Heartbleed.
  11. Linkedin.com does not use SSL.
  12. eBay.com does not use SSL.
  13. Bing.com does not use SSL.
  14. Pinterest.com is not vulnerable to Heartbleed
  15. Ask.com does not use SSL.
  16. Google.fr is not vulnerable to Heartbleed.
  17. Google.co.jp is not vulnerable to Heartbleed.
  18. Msn.com does not use SSL.
  19. Instagram.com is not vulnerable to Heartbleed.
  20. Google.co.uk is not vulnerable to Heartbleed.
  21. Tumblr.com is not vulnerable to Heartbleed.
  22. Google.com.br is not vulnerable to Heartbleed.
  23. Microsoft.com does not use SSL.
  24. Paypal.com is not vulnerable to Heartbleed.
  25. Google.ru is not vulnerable to Heartbleed.
  26. Xvideos.com is not vulnerable to Heartbleed.
  27. Imbd.com is not vulnerable to Heartbleed.
  28. Apple.com does not use SSL.
  29. CNN.com does not use SSL.
  30. Craigslist.org is not vulnerable to Heartbleed.
  31. Xhamster.com is not vulnerable to Heartbleed.
  32. Reddit.com is not vulnerable to Heartbleed.
  33. Bbc.co.uk is not vulnerable to Heartbleed.
  34. Blogger.com is not vulnerable to Heartbleed.
  35. Alibaba.com does not use SSL.
  36. WordPress.org is not vulnerable to Heartbleed.
  37. Godaddy.com is not vulnerable to Heartbleed.
  38. About.com does not use SSL.
  39. ThePiratebay.se is not vulnerable to Heartbleed.
  40. Espn.go.com is not vulnerable to Heartbleed.
  41. Dailymotion.com is not vulnerable to Heartbleed.
  42. Netflix.com does not use SSL.
  43. Dailymail.co.uk does not use SSL.
  44. Adobe.com is not vulnerable to Heartbleed.
  45. Vimeo.com does not use SSL.
  46. Xnxx.com does not use SSL.
  47. Ebay.co.uk does not use SSL.
  48. Livejasmine.com does not use SSL.
  49. Rakuten.co.jp does not use SSL.
  50. Cnet.com does not use SSL.
  51. AOL.com does not use SSL.
  52. Amazon.co.uk is not vulnerable to Heartbleed.
  53. Dropbox.com is not vulnerable to Heartbleed.
  54. Youporn.com  is not vulnerable to Heartbleed.
  55. Nytimes.com does not use SSL.
  56. Buzzfeed.com does not use SSL.
  57. Weather.com does not use SSL.
  58. Wikimedia.org is not vulnerable to Heartbleed.
  59. Bbc.com is not vulnerable to Heartbleed.
  60. Google.com.tw is not vulnerable to Heartbleed.
  61. Yelp.com is not vulnerable to Heartbleed.
  62. Mozilla.org is not vulnerable to Heartbleed.
  63. Livejournal.com is not vulnerable to Heartbleed.
  64. Hootsuite.com is not vulnerable to Heartbleed.
  65. Wikia.com is not vulnerable to Heartbleed.
  66. Wikihow.com does not use SSL.
  67. Theguardian.com is does not use SSL.
  68. Deviantart.com is not vulnerable to Heartbleed.
  69. Answers.com is not vulnerable to Heartbleed.
  70. Foxnews.com is not vulnerable to Heartbleed.
  71. Stumbleupon.com is not vulnerable to Heartbleed.
  72. Forbes.com does not use SSL.
  73. AVG.com does not use SSL.
  74. Torrentz.eu is not vulnerable to Heartbleed.
  75. Mediafire.com is not vulnerable to Heartbleed.
  76. Sourceforge.net is not vulnerable to Heartbleed.
  77. Salesforce.com is not vulnerable to Heartbleed.
  78. Spiegel.de does not use SSL.
  79. Github.com is not vulnerable to Heartbleed.
  80. Indeed.com is not vulnerable to Heartbleed.
  81. Skype.com does not use SSL.
  82. Zillow.com is not vulnerable to Heartbleed.
  83. Walmart.com does not use SSL.
  84. Wsj.com is not vulnerable to Heartbleed.
  85. Tube8.com does not use SSL.
  86. Telegraph.co.uk is not vulnerable to Heartbleed.
  87. Pandora.com is not vulnerable to Heartbleed.
  88. Google.se is not vulnerable to Heartbleed.
  89. Photobucket.com does not use SSL.
  90. Reuters.com is not vulnerable to Heartbleed.
  91. Businessinsider.com is not vulnerable to Heartbleed.
  92. 9gag.com is not vulnerable to Heartbleed.
  93. Blogspot.com.es is not vulnerable to Heartbleed.
  94. Ups.com is not vulnerable to Heartbleed.
  95. Mashable.com is not vulnerable to Heartbleed.
  96. Media.tumbler.com is not vulnerable to Heartbleed.
  97. Bleacherreport.com is not vulnerable to Heartbleed.
  98. Twitch.tv does not use SSL.
  99. Ikea.com does not use SSL.
  100. Comcast.net does not use SSL.

Original story

The Heartbleed bug is sending shockwaves throughout the Internet right now, and potentially leaves unimaginable amounts of private data exposed to hackers who take advantage of the flaw in the OpenSSL encryption software used by some of the world’s most popular websites. Considering that the flaw can expose a range of sensitive data, including usernames, passwords, emails, instant messages, credit card numbers, and more, it’s imperative that you do what you can to minimize the damage.

But are there any actions that you can proactively take to ensure that the bug doesn’t hit you? Since this is a problem with the very encryption software that’s supposed to protect your data on the Web, inaction appears to be the best course of action. Simply by avoiding sites that have reportedly been affected, you’ll stay safer. We also recommend you change your passwords, which Yahoo advised as a course of action via Tumblr. So which sites should you quarrantine?

According to a list compiled by a user of Github (a website geared towards the Web development community), popular affected sites include Yahoo.com, dating site OkCupid.com, torrent site kickass.to, and porn site Redtube.com. Flickr.com, steamcommunity.com, and slate.com are also identified on the list as sites affected by the Heartbleed Bug. You can check out the full list here, which also includes a list of sites that aren’t affected by the flaw.

MORE: Heartbleed Web bug might expose vast amount of private data

Amazon and Yahoo are working to apply the fix across all of their services. Yahoo said it’s already done that with a multitude of sites, including the homepage, Yahoo Search, Yahoo Mail, Yahoo Sports, and more. Amazon states that it too has applied the fix to the majority of services. You can read Amazon’s statement on the matter here.

It’s worth noting, however, that the initial reports surrounding last year’s Adobe breaches indicated that the size and scope of the attacks were much smaller than they turned out to be in the end.

The Github post that includes this list of Heartbleed-affected sites states that the scans were conducted “around” April 8, 12:00:00 UTC. Therefore, that list could also include sites that have since plugged the OpenSSL vulnerability.

Be sure to read our guide to What the Heartbleed OpenSSL Bug Is and How to Protect Your Android from Heartbleed Guide. We also have a robust list of Android, iOS, and Windows Apps Affected by Heartbleed and Video Game Services Affected by Heartbleed.

What do you think? Sound off in the comments below.

Image credit: http://images4.fanpop.com

Editors' Recommendations

Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
Samsung adding Auracast and 360 Audio to more TVs, phones, and earbuds
Samsung Galaxy Buds 2 Pro.

Samsung today announced a series of updates for some televisions and a trio of earbuds that will add features across the board, and also allow everything to play together that much more.

Auracast is one of the more interesting features on the way. It essentially allows one device to pick up a signal being broadcast by another, not unlike a radio. Samsung has had Auracast on select TVs for a while now, and it's been available on multiple Galaxy Buds earbuds. Now, it's expanding to phones and tablets. The ability to broadcast will hit the Galaxy S24 and S23 phones, the Galaxy Z Fold 5 and Z Flip 5, and the Tab S9 series. (They'll all need to have One UI 6.1 or newer.) And the ability to listen to an Auracast broadcast is coming to the Galaxy S24 series, S23 series, Z Fold5, Z Fold4, Z Flip5, Z Flip4, A54 5G, M54 5G, Tab S9 series, Tab S9 FE series and Tab Active 5 5G with One UI 5.1.1 or above.

Read more
I never knew I needed this mini Mac app, but now I can’t live without it
Apple MacBook Pro 16 downward view showing keyboard and speaker.

Switching apps is something I do countless times every day on my Mac, so much so that I don’t ever think anything of it. That is until recently, when I discovered a new app that has me flipping windows in a new (and much-improved) way.

That app is called Quick Tab, and it’s designed to make app switching a little more painless. Now, I’ll admit that I’ve never thought of the traditional Command-Tab key combination as all that painful, but Quick Tab has swiftly shown me what I’ve been missing.

Read more
Here’s how two of the best budget CPUs stack up against each other
Pads on the AMD Ryzen 7 7800X3D.

If you're buying or building a new computer in 2024, your two main CPU choices are AMD's Ryzen 7000 series or Intel's 13th and 14th generations. Two of the best budget CPUs from those two lines are the AMD Ryzen 5 7600 and Intel's Core i5-14400. Both are built on the latest processes and architectures from each company, and come with plenty of cores and high clock speeds. They're also far more power efficient than the top chips.

To help you decide which is the best CPU for you, let's take a look at how the 7600 and 14400.
Pricing and availability
The AMD Ryzen 7600 was initially launched in January 2023 alongside the other non-X CPUs from its generation. It debuted with a price tag of $229, which it has mostly maintained to this day. However, the higher-end 7600X has come down in price and can often be found for a comparable investment, so it's always worth checking that price before buying a 7600.

Read more