Friday, 11 April 2014

The Heartbleed bug! Should I change my passwords?

I had several acquaintances and friends call me over the past week asking whether the Heartbleed bug affects them and whether they should change their passwords. The short answer is yes. However, Mashable did a nifty lookup table which lets you see which websites are affected and whether or not you should change your password. Here is the link:


http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/


That being said, just to be on the safe side, I've changed all my passwords. I know, it's a pain in the butt, but this bug has been going around for a while, which means malicious actors have had a really long time to exploit it. As an aside, make sure to review the following as well:


1. Secret questions. I've seen compromised accounts where the malicious actors had been sneaky enough to change the secret questions (i.e. the questions used when recovering a password). This way, even if the password is changed, the malicious actor still has a way in.
2. Auxiliary email account. A lot of accounts have one or more email accounts tied to them, usually for password recovery and similar purposes. Just make sure all the email accounts listed there are yours.
3. Mobile #. Some accounts use text messages to aid in the safe recovery of lost passwords. Once again, malicious actors who have compromised an account could change this. Just make sure the mobile # on the account is yours.


Better be safe than sorry!!
