Skip to main content

Here’s a list of websites allegedly affected by the Heartbleed bug (updated)

heres a list of websites allegedly affected by the heartbleed bug bleeding heart

Update: 4/10/14 10:52 am EST: Here’s another list of 512 sites that are labeled as “Vulnerable,” according to a Github user. They were scanned at 4/9/14 14:00 UTC, and are reportedly among the 10,000 most popular sites on the Internet, according to Alexa, an Internet analytics firm. You can download the full list here, though you’ll need a program like WinRAR to open it, which you can grab here (don’t worry, the program is free to use). Among the notable sites on this list are Toshiba.com, dailycaller.com, and escapist magazine.com. This list also includes websites with Russian, Indian, Australian, and other non-U.S. domains.

Update: 4/10/14 3:01 pm EST: These websites and services were either once vulnerable, or suspected to be susceptible to the Heartbleed bug, but have reportedly been patched since and are now safe to use. We still advise that you exercise caution though.

  1. Facebook
  2. Instagram
  3. Pinterest
  4. Tumblr
  5. Twitter
  6. Google
  7. Yahoo
  8. Gmail
  9. Yahoo Mail
  10. GoDaddy
  11. Intuit Turbo Tax
  12. Dropbox
  13. Minecraft
  14. OkCupid

Now, for the other side of the coin. At this point, according to the original Github list we found, these are among the most prominent, recognizable, and popular websites that are allegedly not affected by the Heartbleed OpenSSL encryption bug.

  1. Google.com is not vulnerable to Heartbleed.
  2. Chase.com is not vulnerable to Heartbleed.
  3. BankofAmerica.com is not vulnerable to Heartbleed.
  4. WellsFargo.com is not vulnerable to Heartbleed.
  5. Facebook.com is not vulnerable to Heartbleed.
  6. YouTube.com is not vulnerable to Heartbleed.
  7. Baidu.com is not vulnerable to Heartbleed.
  8. Wikipedia.org is not vulnerable to Heartbleed.
  9. Twitter.com is not vulnerable to Heartbleed.
  10. Amazon.com is not vulnerable to Heartbleed.
  11. Linkedin.com does not use SSL.
  12. eBay.com does not use SSL.
  13. Bing.com does not use SSL.
  14. Pinterest.com is not vulnerable to Heartbleed
  15. Ask.com does not use SSL.
  16. Google.fr is not vulnerable to Heartbleed.
  17. Google.co.jp is not vulnerable to Heartbleed.
  18. Msn.com does not use SSL.
  19. Instagram.com is not vulnerable to Heartbleed.
  20. Google.co.uk is not vulnerable to Heartbleed.
  21. Tumblr.com is not vulnerable to Heartbleed.
  22. Google.com.br is not vulnerable to Heartbleed.
  23. Microsoft.com does not use SSL.
  24. Paypal.com is not vulnerable to Heartbleed.
  25. Google.ru is not vulnerable to Heartbleed.
  26. Xvideos.com is not vulnerable to Heartbleed.
  27. Imbd.com is not vulnerable to Heartbleed.
  28. Apple.com does not use SSL.
  29. CNN.com does not use SSL.
  30. Craigslist.org is not vulnerable to Heartbleed.
  31. Xhamster.com is not vulnerable to Heartbleed.
  32. Reddit.com is not vulnerable to Heartbleed.
  33. Bbc.co.uk is not vulnerable to Heartbleed.
  34. Blogger.com is not vulnerable to Heartbleed.
  35. Alibaba.com does not use SSL.
  36. WordPress.org is not vulnerable to Heartbleed.
  37. Godaddy.com is not vulnerable to Heartbleed.
  38. About.com does not use SSL.
  39. ThePiratebay.se is not vulnerable to Heartbleed.
  40. Espn.go.com is not vulnerable to Heartbleed.
  41. Dailymotion.com is not vulnerable to Heartbleed.
  42. Netflix.com does not use SSL.
  43. Dailymail.co.uk does not use SSL.
  44. Adobe.com is not vulnerable to Heartbleed.
  45. Vimeo.com does not use SSL.
  46. Xnxx.com does not use SSL.
  47. Ebay.co.uk does not use SSL.
  48. Livejasmine.com does not use SSL.
  49. Rakuten.co.jp does not use SSL.
  50. Cnet.com does not use SSL.
  51. AOL.com does not use SSL.
  52. Amazon.co.uk is not vulnerable to Heartbleed.
  53. Dropbox.com is not vulnerable to Heartbleed.
  54. Youporn.com  is not vulnerable to Heartbleed.
  55. Nytimes.com does not use SSL.
  56. Buzzfeed.com does not use SSL.
  57. Weather.com does not use SSL.
  58. Wikimedia.org is not vulnerable to Heartbleed.
  59. Bbc.com is not vulnerable to Heartbleed.
  60. Google.com.tw is not vulnerable to Heartbleed.
  61. Yelp.com is not vulnerable to Heartbleed.
  62. Mozilla.org is not vulnerable to Heartbleed.
  63. Livejournal.com is not vulnerable to Heartbleed.
  64. Hootsuite.com is not vulnerable to Heartbleed.
  65. Wikia.com is not vulnerable to Heartbleed.
  66. Wikihow.com does not use SSL.
  67. Theguardian.com is does not use SSL.
  68. Deviantart.com is not vulnerable to Heartbleed.
  69. Answers.com is not vulnerable to Heartbleed.
  70. Foxnews.com is not vulnerable to Heartbleed.
  71. Stumbleupon.com is not vulnerable to Heartbleed.
  72. Forbes.com does not use SSL.
  73. AVG.com does not use SSL.
  74. Torrentz.eu is not vulnerable to Heartbleed.
  75. Mediafire.com is not vulnerable to Heartbleed.
  76. Sourceforge.net is not vulnerable to Heartbleed.
  77. Salesforce.com is not vulnerable to Heartbleed.
  78. Spiegel.de does not use SSL.
  79. Github.com is not vulnerable to Heartbleed.
  80. Indeed.com is not vulnerable to Heartbleed.
  81. Skype.com does not use SSL.
  82. Zillow.com is not vulnerable to Heartbleed.
  83. Walmart.com does not use SSL.
  84. Wsj.com is not vulnerable to Heartbleed.
  85. Tube8.com does not use SSL.
  86. Telegraph.co.uk is not vulnerable to Heartbleed.
  87. Pandora.com is not vulnerable to Heartbleed.
  88. Google.se is not vulnerable to Heartbleed.
  89. Photobucket.com does not use SSL.
  90. Reuters.com is not vulnerable to Heartbleed.
  91. Businessinsider.com is not vulnerable to Heartbleed.
  92. 9gag.com is not vulnerable to Heartbleed.
  93. Blogspot.com.es is not vulnerable to Heartbleed.
  94. Ups.com is not vulnerable to Heartbleed.
  95. Mashable.com is not vulnerable to Heartbleed.
  96. Media.tumbler.com is not vulnerable to Heartbleed.
  97. Bleacherreport.com is not vulnerable to Heartbleed.
  98. Twitch.tv does not use SSL.
  99. Ikea.com does not use SSL.
  100. Comcast.net does not use SSL.

Original story

The Heartbleed bug is sending shockwaves throughout the Internet right now, and potentially leaves unimaginable amounts of private data exposed to hackers who take advantage of the flaw in the OpenSSL encryption software used by some of the world’s most popular websites. Considering that the flaw can expose a range of sensitive data, including usernames, passwords, emails, instant messages, credit card numbers, and more, it’s imperative that you do what you can to minimize the damage.

But are there any actions that you can proactively take to ensure that the bug doesn’t hit you? Since this is a problem with the very encryption software that’s supposed to protect your data on the Web, inaction appears to be the best course of action. Simply by avoiding sites that have reportedly been affected, you’ll stay safer. We also recommend you change your passwords, which Yahoo advised as a course of action via Tumblr. So which sites should you quarrantine?

According to a list compiled by a user of Github (a website geared towards the Web development community), popular affected sites include Yahoo.com, dating site OkCupid.com, torrent site kickass.to, and porn site Redtube.com. Flickr.com, steamcommunity.com, and slate.com are also identified on the list as sites affected by the Heartbleed Bug. You can check out the full list here, which also includes a list of sites that aren’t affected by the flaw.

MORE: Heartbleed Web bug might expose vast amount of private data

Amazon and Yahoo are working to apply the fix across all of their services. Yahoo said it’s already done that with a multitude of sites, including the homepage, Yahoo Search, Yahoo Mail, Yahoo Sports, and more. Amazon states that it too has applied the fix to the majority of services. You can read Amazon’s statement on the matter here.

It’s worth noting, however, that the initial reports surrounding last year’s Adobe breaches indicated that the size and scope of the attacks were much smaller than they turned out to be in the end.

The Github post that includes this list of Heartbleed-affected sites states that the scans were conducted “around” April 8, 12:00:00 UTC. Therefore, that list could also include sites that have since plugged the OpenSSL vulnerability.

Be sure to read our guide to What the Heartbleed OpenSSL Bug Is and How to Protect Your Android from Heartbleed Guide. We also have a robust list of Android, iOS, and Windows Apps Affected by Heartbleed and Video Game Services Affected by Heartbleed.

What do you think? Sound off in the comments below.

Image credit: http://images4.fanpop.com

Editors' Recommendations

Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
Which Cisco routers, modems and networking gear are affected by and safe from the Heartbleed bug?
cisco to cut 6000 jobs as it battles slow sales in emerging markets

Though the now-infamous Heartbleed bug is currently being patched by many companies on the website level, the OpenSSL data encryption flaw also affects an unknown amount of networking hardware from companies including Cisco Systems.
Cisco published a bulletin on its site, warning that some of its networking hardware and software, which includes routers, Ethernet switches, access points, and more, is affected by the Heartbleed bug, a flaw in the OpenSSL data encryption software used by many of the world's websites. Though most of this hardware wouldn't be found in the average person's home, the hardware that Cisco identifies as vulnerable is likely used by private companies, governments, and other organizations.
We reached out to Cisco for comment, and asked whether a patched website would still be vulnerable to Heartbleed if the organization running the site is still using Cisco hardware and/or services to keep it up and running. Nigel Glennie, Senior Manager of Global Corporate Communcations for Cisco, responded to our request for comment, stating that the list of affected hardware and services "are not going to be the type of products that allow the exploitation of user data on a website."
However, that seems to run contrary to Cisco's own bulletin, which states that "Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server." On top of that, the bulletin also states that "disclosed portions of memory could contain sensitive information that may include private keys and passwords."
Digital Trends is currently awaiting clarification on the apparent discrepancy between Glennie's statement and Cisco's published security advisory.
Here's the list of Cisco networking hardware and services that's affected by the Heartbleed bug, according to the firm's official bulletin, as of this writing. Cisco will continue to update these lists, so check back with this Security Advisory page often.

Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488]
Cisco Desktop Collaboration Experience DX650
Cisco Unified 7800 series IP Phones
Cisco Unified 8961 IP Phone
Cisco Unified 9951 IP Phone
Cisco Unified 9971 IP Phone
Cisco IOS XE [CSCuo19730]
Cisco Unified Communications Manager (UCM) 10.0
Cisco Universal Small Cell 5000 Series running V3.4.2.x software
Cisco Universal Small Cell 7000 Series running V3.4.2.x software
Small Cell factory recovery root filesystem V2.99.4 or later
Cisco MS200X Ethernet Access Switch
Cisco Mobility Service Engine (MSE)
Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
Cisco TelePresence Conductor
Cisco TelePresence Supervisor MSE 8050
Cisco TelePresence Server 8710, 7010
Cisco TelePresence Server on Multiparty Media 310, 320
Cisco TelePresence Server on Virtual Machine
Cisco TelePresence ISDN Gateway 8321 and 3201 Series
Cisco TelePresence Serial Gateway Series
Cisco TelePresence IP Gateway Series
Cisco WebEx Meetings Server versions 2.x [CSCuo17528]
Cisco Security Manager [CSCuo19265]

Read more
How to update Ubuntu to plug the Heartbleed OpenSSL flaw
how to update ubuntu plug heartbleed openssl flaw

The Heartbleed OpenSSL bug is unlike virtually any Internet security threat you've probably ever heard of. It's not a virus that's specific to one operating system or type of device. Since it revolves around a flaw in the method of encryption used by many of the world's websites, it affects almost everyone who uses the Internet, including people who operate servers that run Ubuntu Linux, the free, open-source operating system.
MORE: Which websites are affected by the Heartbleed OpenSSL encryption bug?
Fortunately, with the help of a few commands, you can check whether the version of Ubuntu you're using is vulnerable to the Heartbleed bug, and also update Ubuntu to ensure that the vulnerability is sealed and patched. It's important to note that multiple versions of Ubuntu are affected, including Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10, so it's imperative that you ensure that the version you run is safe -- or update to one that is. Here's how, according to ansoncheunghk.info.

First, run this command: # sudo openssl version -a. What's important here is the line that starts with "built on," which gives you a date for the version of Ubuntu you're running on your server. If you're using a version dated before April 7, it is vulnerable to the Heartbleed bug. If it's dated on or after April 7, you're in the clear. Here's what to do if you aren't, like the the version pictured below, which is dated June 4, 2013.

Read more
How to check if your favorite websites are vulnerable to the Heartbleed bug
cupid the new heartbleed attack method that affects android devices bug

Update: 4/11/14 4:56 pm ET:  McAfee, a popular developer consumer and business-level Internet security programs, has created a Heartbleed scanner of its own. You can use it to scan your favorite websites and check if they're vulnerable to the OpenSSL flaw. Check it out here.
Original story
By now, you've probably heard of the Heartbleed bug; the flaw in the OpenSSL method of data encryption that lets hackers steal user names, passwords, emails and instant messages, credit card information, and more, while also evading detection. For the most part, aside from changing your passwords and avoiding sites that have allegedly been affected, there's not much else you can do to combat the bug. However, Qualys, a Web security firm, has developed a tool that lets you scan any website to see if it's vulnerable to the Heartbleed bug. It's easy to pull off, too: here's how.
Go to the Qualys SSL Labs page here, type in the name of a website, and click "Submit" to assess its vulnerability to the OpenSSL Web encryption bug. When the scan is complete, you should see a notification telling you whether the site is hit by Heartbleed.
It's worth noting that the feature is labeled "Experimental" on the site. In our experience, it took up to a minute to complete a scan, and timing varied from one website to the next, so we urge you to exercise patience when using this tool to scan your favorite page. Digital Trends reached out to Qualys to find out what "Experimental" means precisely, and get their thoughts on the seriousness of Heartbleed. We will update this story when they respond.
Alternatively, LastPass, an online password security firm, also has a Heartbleed scanner of their own that works just like the Qualys scanner does. You can check it out here to scan sites, if you're interested in a second opinion. On top of that, Flippo Valsorda, a software developer put together a Web-based scanning tool of his own, which you can check out and use here. There's also a Google Chrome browser extension called Chromebleed which should tell you whether a website you're using is affected by the Heartbleed bug.
 

It looks like we're safe!

Read more