Heartbleed Bug Not Scary Enough, Pew Research Shows
Heartbleed, the proposed "worst vulnerability" ever, was apparently not scary enough. New research shows that not even half of those aware of Heartbleed took the precaution of changing their passwords.
According to a Pew Research Center survey, only 39 percent of Heartbleed-aware Internet users found the wherewithal to change passwords or cancel accounts -- just about the only two actions that could be taken once Heartbleed was discovered. Those with higher educations were more likely to try and protect themselves, as were those with higher incomes.
The survey also found that 29 percent of Internet users believe their personal information was put at risk thanks to Heartbleed, and that 6 percent believe some of their personal information was stolen.
The Pew Research survey is based on telephone interviews with 1,501 adults. Out of the total sample group, approximately 1,300 were Internet users, with 897 of them being aware of Heartbleed. This translates to a 60 percent awareness rate among adults and 64 percent among Internet users.
The survey also found that 46 percent of Internet users think their personal information is "somewhat secure." Another 23 percent believe their information is "very secure," and 26 percent feel "not too secure" or "not secure at all." When broken down by racial and ethnic groups, African-Americans feel the most secure and Hispanics the least.
What is Heartbleed
If you haven't heard of Heartbleed, here's what it is: a vulnerability in a widely used encryption software on the Internet named OpenSSL. How widely used? Let's just say Heartbleed affected around two-thirds of the world's servers in the beginning by some estimates.
What Heartbleed does is allow a malicious attacker to eavesdrop and steal personal information without leaving a trace.
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs)," Codenomicon, the Finnish-based security firm that discovered Heartbleed, wrote on Heartbleed.com.
Major websites and services from Google, Yahoo, Facebook, and more were all found to be vulnerable to Heartbleed. Most companies have since patched up their assets.
Experts are still struggling to figure out the extent of the damage Heartbleed has wrought over the two years it went unnoticed. Many agree that most hackers weren't aware, but given the scarcity of concrete details during Heartbleed's initial discovery, most firms advised users to change passwords.