The Heartbleed bug has exposed millions of passwords and consequently, sensitive online information like credit card numbers, emails, and banking information.
What You Need to Do
Change your passwords as soon as possible. If you’re away from home, look for the nearest Wi-Fi spot or buy a prepaid SIM card equipped with data. Bigger companies usually have mobile-friendly websites which will make it easier for you to change your password when you’re using a mobile device.
Your other options include internet cafés, your hotel/hostel computer, or borrowing another traveller’s laptop/tablet. You can protect yourself on public Wi-Fi by turning off sharing, enable your firewall and use SSL whenever possible.
Which Websites Were Affected?
This chart from Mashable clearly outlines which websites have been compromised. Change your passwords on these first; if you want to be 100% safe, change the passwords on all the websites you use.
Needless to say, this chart doesn’t cover every single website on the planet, so make sure you pay a visit to your online banking websites. Although news has been released that Canadian banks, airlines, and online retailers have not been affected by the bug, you’ll still want to check your accounts. Some banks will have a notice on their homepage letting you know whether their system has been compromised or not. If there’s no notice, we say it’s better to be safe than sorry, so change your password immediately.
Was the Canada Revenue Agency Affected?
If you’re currently travelling, chances are you’ve already filed your taxes with the Canada Revenue Agency, so you don’t need to worry about your return being compromised. The CRA has no evidence of a security breach so far. If you have yet to file your taxes, the Canada Revenue Agency’s e-filing is temporarily shut down, but the filing deadline of April 30 will be pushed back for as long as the shutdown. Don’t worry; you don’t need to cut your trip short!
**Update: The CRA has announced that 900 social insurance numbers were compromised. Everyone affected will receive a registered letter, which will contain a special 1-800 number. For more details, please see here.
What Else?
Rack your brain for other websites you may have a password for. You might have used one site to log into another: for good measure, change those too.
