The ‘catastrophic’ Heartbleed bug discovered in a large portion of the Internet’s security encryption code this week has tech firms and services across the Web calling on users to change their passwords, and lists of websites and services known to have been affected are already starting to pop up.
Due to the severity of the bug and the popularity of the affected OpenSSL security library used in the HTTPS encryption for the last two years, the full extent of the security breach has not been and may never be fully calculated.
The nature of the flaw makes it impossible to determine whether or not specific account information like usernames, passwords, communications credit cards, etc. were stolen by hackers exploiting the bug, but all of them were vulnerable on a number of popular websites and services.
Many of the compromised entities have already employed a fix to the problem, in which case users will still have to change their log-in and account information under the new security layer. Changing it before a specific site or service has adopted the fix will still leave your information vulnerable.
This initial list composed by Mashable is in no way complete, but includes a grid of information and explanation for services and sites that responded to the report’s request, and will continue to be updated.
Social Networks affected include Facebook and Tumblr. LinkedIn is safe and the status of Twitter is unknown.
Companies affected include Google and Yahoo. Microsoft and Amazon are safe, but Apple is unknown.
Email affected include Gmail and Yahoo Mail. Outlook/Hotmail and AOL are safe.
Stores and payment services affected include Amazon Web Services (for website operators) and GoDaddy. Amazon, PayPal and Target are safe. Ebay is unknown.
No banks and traders listed including Bank of America, Chase, E*Trade, Fidelity, PNC, Schwab, Scottrade, TD Ameritrade, TD Bank, U.S. Bank and Wells Fargo were compromised.
Government and tax services affected include TurboTax. 1040.com and FileYourTaxes.com are safe. H&R Block, HealthCare.gov, and the IRS are unknown.