Heartbleed bug - passwords you may wish to change

14 April 2014

A web encryption flaw known as the 'Heartbleed' bug has made headlines as attackers could steal passwords, credit card details, encryption keys and other sensitive data, without leaving any trace.

Heartbleed is thought to be one of the most serious security flaws ever found, partly because it remained undiscovered for more than two years. Experts estimate that around two-thirds of the world's web servers run the software that contains the flaw, known as OpenSSL, meaning they are vulnerable to attack until a security patch is installed.

The security researchers who discovered the bug have advised people to change all of their passwords. However, other security experts are advising consumers to wait, warning that if users change passwords while sites are still vulnerable, their new passwords will be exposed too.

They recommend that, before making any changes, users should check a site for an announcement that it has dealt with the issue. Alternatively, they can find out if a site is still vulnerable by copying and pasting the URL into this website.

The list of potentially affected sites is very long, so The Telegraph has compiled a list of the most popular social media, search, email, banking and retail sites, with the latest information on whether or not the flaw has been fixed.

• CIPP updates