Heartbleed

Protect yourself from the Heartbleed security flaw. 

What is “Heartbleed”?

Heartbleed is the nickname of a newly discovered software security flaw in one of the most common security protocols on the Internet. It weakens or removes the privacy of information sent between a web browser and a web server. A significant number of websites were placed at risk by this flaw, including some at Harvard.

What information might have been stolen?

If this flaw were exploited, credentials (such as usernames and passwords), private documents and messages, and credit card numbers could have been exposed.

What does this mean for me?

A small but significant number of websites may have allowed your username and password or other information to be exposed.

What is being done about this?

Harvard Information Security is working with IT groups across the University to identify and remediate impacted websites. The Harvard PIN system and other enterprise applications were not at risk.

Should I change my password?

Consider changing your passwords if any of the following situations apply to you:

  • You receive notification from a website or Internet-based application directing you to change your password. IMPORTANT: Never click links to reset your passwords. See phishing guidance below.
  • You have frequently logged into your accounts on public Wi-Fi or from outside the United States in the last 2 years.
  • You use the same password for multiple accounts, especially your Harvard accounts.
  • You are concerned and want peace of mind.

Don’t be Lured by Phishing: When a security problem is in the news, cyber criminals often attempt phishing, or the sending of fraudulent emails, to trick users into giving up personal information. If you receive an email directing you to change your password, do not click any links or open any attachments. Delete the email, and visit the website directly by typing out the address or searching for it in a reputable web browser.

Add a Factor: Many services, including Facebook, Twitter, and Google, can provide greater security for your account by sending a message to your phone. Check the security settings of your accounts and see if this option, called multi-factor authentication, is available. 
