The discovery of a major new internet bug which may have compromised millions of people's usernames and passwords is a reminder of why we all need to protect ourselves online.
The Heartbleed bug allowed hackers to eavesdrop on people's conversations and potentially steal their data, and has left half a million sites extremely vulnerable to attack.
This has led to many security experts and several popular websites advising users to change their passwords urgently. Companies have also acted to update their security settings.
MoneySavingExpert.com wants to assure both our forum and Energy Club users that we've carried out a thorough check of our servers to ensure all your data is safe. Put simply, our internal systems are guarded by a protective wall meaning they were not under threat.
But that's no reason to be complacent. It's recommended you regularly change your online passwords and ensure they can't be easily guessed by a hacker.
What is the Heartbleed bug?
Heartbleed is a flaw in the encryption technology used by most websites to send data that users want to keep private and secure, such as emails or instant messages.
Encryption scrambles the data you send, making it look like nonsense to anyone but the intended recipient.
During this process, computers send out a "heartbeat", a small packet of data that checks the intended computer or device is receiving the information being sent.
But a programming error meant it was possible for hackers to send a well-disguised data parcel that looked like one of these heartbeats to trick computers into sharing data stored in its memory.
Computers store a vast amount of data, including usernames, passwords, and bank details, meaning all these could potentially have been exposed.
But you say my MSE accounts are safe, right?
Yes. As soon as the discovery of the Heartbleed bug was made public on 8 April, we ran comprehensive tests on all our systems.
No user information from either the forum or our Energy Club was found to be vulnerable.
As viruses and new threats are always emerging, we continuously monitor our systems to ensure data is safe.
So do I need to change my password?
Not as a direct result of this bug.
But we do suggest users regularly change their passwords anyway, to reduce the risk of them being compromised.
For users of the MSE forum, we strengthened the registration requirements and prompted several hundred of you with weak passwords to change it a few months ago.
If your password was deemed to be risky, you will have received a private message advising you to change it. If you didn't act after reading the message, then we suggest you change your password immediately.
What about my accounts on other sites?
Lots of websites are emailing or making public announcements on the actions their users need to take, so try to keep an eye out.
Some sites say users don't need to do anything, while others are advising urgent changes to passwords.
If you're not sure, it's best to contact the company.
There's an art to creating good passwords and making sure they aren't easy for hackers to guess. Here are some tips:
- Make sure it isn't obviously associated with you. Avoid using your date of birth, pet's name, or any other information hackers could easily access on a social network or by going through your bins.
- Use a mixture of words, numbers and characters. Passwords can still be memorable even when you jumble up numbers and letters, for example: M0n3y5av7ng3xp3rt.c0m!
- Use different passwords for different sites. This ensures that if someone were to guess one of your passwords, they wouldn't be able to get into all your accounts.
- Keep them safe. If you're using lots of different passwords, it's tempting to write them down. But that can be dangerous. So try to use a piece of technology that requires a password to get to the passwords.