Dubbed the “ultimate web nightmare”, Heartbleed was arguably the biggest security issue to hit the Internet in recent years. It caused wide concern for three reasons: affected websites were vulnerable for some two years, an attack exploiting the bug to gain access to sensitive information was shown to be undetectable, and the affected version of OpenSSL was used by some two-thirds of the web.
For several days, news of Heartbleed and the risks it posed dominated the press. Consumers were advised to update passwords as soon as websites announced they had pushed updates to patch Heartbleed. So Heartbleed caused quite a stir (and a fashionable one at that, given that it’s the first security vulnerability to have its own logo).
But the question remains: Did anything actually change? Do we as consumers have a better grasp of the risks to our data online and how to start better protecting it?
Statistics from a recent Pew study show that although a large percentage of Internet users heard about Heartbleed (ranging from 47% in one study by LifeLock to 64% in the study by Pew), fewer than half of those informed consumers took action to change passwords. Another study, by Software Advice, echoed these findings, showing that some 67% of Internet users haven’t changed passwords after Heartbleed. Perhaps the more alarming statistic was that over 75 percent of respondents said they had received no advice about Heartbleed in the workplace, despite showing willingness to cooperate if they were asked to change passwords.
In summary: some took action after Heartbleed, but not nearly enough given its breadth. In addition, businesses are not taking the responsibility they should for educating their employees and empowering them to protect both corporate and personal data.