Though many people were surely alarmed once the existence of the Heartbleed OpenSSL flaw was announced, according to a study conducted by the Pew Research Center, most Internet users didn’t take any steps to protect themselves from the threat.
In total, the study found that 39 percent of Internet users changed passwords or canceled accounts once they learned of Heartbleed. Despite the fact that the version of OpenSSL that was vulnerable to Heartbleed was used by countless websites and networking hardware all over the world, Pew also found that only 29 percent of Internet users thought that their personal information was at risk due to the Heartbleed bug, while only 6 percent thought that their personal data was swiped as a result of the vulnerability.
That’s despite the fact that, according to Pew, 64 percent of Internet users were aware of the threat. However, only 19 percent indicated that they heard “a lot” about it. Meanwhile, 41 percent, only knew “a little” about Heartbleed. It’s possible that the lack of the public’s knowledge on the topic contributed to the fact that most of the people surveyed didn’t take any actions to safeguard themselves.
The Heartbleed OpenSSL bug allows hackers to send fake heartbeat messages, which can trick a website’s server into relaying data that’s stored in its memory. This includes sensitive information such as usernames, passwords, credit card numbers, emails, and more.
Internet security experts have expressed much concern regarding the impact that Heartbleed could have. Mike Lloyd, the CTO of RedSeal, a network security firm, said that people should “stop all transactions for a few days” once news of Heartbleed broke. Canada Revenue Agency took very serious measures in its efforts to defend against the threat, shuting down its website on April 8, and didn’t bring it back online until April 13.
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs
- The best password managers for protecting your data online
- 9 things to know about Facebook privacy and Cambridge Analytica
- Microsoft misses another Edge-related 90-day security disclosure deadline
- Off-the-shelf smart home devices are a lot less safe than you think, report says