‘Heartbleed’ security flaw compromises millions of passwords

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.
heartbleed

A security flaw codenamed Heartbleed went undetected for more than two years and may have exposed millions of passwords. (Photo: Screenschot from heartbleed.com)

NEW YORK (CNNMoney) — Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen.

As sites fix the bug on their end, it’s time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private — email, banking, shopping, and passwords.

RELATED: ‘Heartbleed’ security flaw compromises millions of passwords

Don’t change all your passwords yet, though. If a company hasn’t yet updated its site, you still can’t connect safely. A new password would be compromised too.

Many companies are not informing their customers of the danger — or asking them to update their log-in credentials. So, here’s a handy password list. It’ll be updated as companies respond to CNN’s questions.

Change these passwords now (they were patched)

Google+, YouTube and Gmail
Facebook
Yahoo, Yahoo Mail, Tumblr, Flickr
OKCupid

Don’t worry about these (they don’t use the affected software, or ran a different version)

AOL and Mapquest
Bank of America
Charles Schwab
Chase bank
Fidelity
E*Trade
HSBC bank
Microsoft, Hotmail and Outlook
PayPal
Scottrade
TD Ameritrade
Wells Fargo bank
U.S. Bank

Don’t change these passwords yet (still unclear, no response)

Amazon
American Express
Apple, iCloud and iTunes
Capital One bank
Citibank
LinkedIn
PNC bank
Twitter (the company said Twitter’s servers weren’t affected but also noted that Twitter used the affected software in some capacity.)
Wikipedia