MoneySavingExpert.com homepage
Cutting your costs, fighting your corner
Founder, Martin Lewis · Editor-in-Chief, Marcus Herbert
Search bar closed.
MSE News

Heartbleed bug shows why you should change passwords regularly

computerhacker
Michael Smith
Michael Smith
Editor
11 April 2014

The discovery of a major new internet bug which may have compromised millions of people's usernames and passwords is a reminder of why we all need to protect ourselves online.

The Heartbleed bug allowed hackers to eavesdrop on people's conversations and potentially steal their data, and has left half a million sites extremely vulnerable to attack.

This has led to many security experts and several popular websites advising users to change their passwords urgently. Companies have also acted to update their security settings.

MoneySavingExpert.com wants to assure both our forum and Energy Club users that we've carried out a thorough check of our servers to ensure all your data is safe. Put simply, our internal systems are guarded by a protective wall meaning they were not under threat.

But that's no reason to be complacent. It's recommended you regularly change your online passwords and ensure they can't be easily guessed by a hacker.

What is the Heartbleed bug?

Heartbleed is a flaw in the encryption technology used by most websites to send data that users want to keep private and secure, such as emails or instant messages.

Encryption scrambles the data you send, making it look like nonsense to anyone but the intended recipient.

During this process, computers send out a "heartbeat", a small packet of data that checks the intended computer or device is receiving the information being sent.

But a programming error meant it was possible for hackers to send a well-disguised data parcel that looked like one of these heartbeats to trick computers into sharing data stored in its memory.

Computers store a vast amount of data, including usernames, passwords, and bank details, meaning all these could potentially have been exposed.

But you say my MSE accounts are safe, right?

Yes. As soon as the discovery of the Heartbleed bug was made public on 8 April, we ran comprehensive tests on all our systems.

No user information from either the forum or our Energy Club was found to be vulnerable.

As viruses and new threats are always emerging, we continuously monitor our systems to ensure data is safe.

So do I need to change my password?

Not as a direct result of this bug.

But we do suggest users regularly change their passwords anyway, to reduce the risk of them being compromised.

For users of the MSE forum, we strengthened the registration requirements and prompted several hundred of you with weak passwords to change it a few months ago.

If your password was deemed to be risky, you will have received a private message advising you to change it. If you didn't act after reading the message, then we suggest you change your password immediately.

What about my accounts on other sites?

Lots of websites are emailing or making public announcements on the actions their users need to take, so try to keep an eye out.

Some sites say users don't need to do anything, while others are advising urgent changes to passwords.

If you're not sure, it's best to contact the company.

Password tips

There's an art to creating good passwords and making sure they aren't easy for hackers to guess. Here are some tips:

  • Make sure it isn't obviously associated with you. Avoid using your date of birth, pet's name, or any other information hackers could easily access on a social network or by going through your bins.

  • Use a mixture of words, numbers and characters. Passwords can still be memorable even when you jumble up numbers and letters, for example: M0n3y5av7ng3xp3rt.c0m!

  • Use different passwords for different sites. This ensures that if someone were to guess one of your passwords, they wouldn't be able to get into all your accounts.

  • Keep them safe. If you're using lots of different passwords, it's tempting to write them down. But that can be dangerous. So try to use a piece of technology that requires a password to get to the passwords.

MSE Forum

Heartbleed bug

Forum image
MSE Email icon 3 December 2024

For all the latest deals, guides and loopholes simply sign up today - it’s spam free!

The truth about credit scores
Martin's need-knows
Compare+ Home Insurance
New MSE tool
Christmas consumer rights
12 must-knows
5.18% easy-access savings
Up to £20,000
50p photocard delivered
From Card Factory
Christmas light running costs
We've crunched the numbers
Coupons: 'Free' £2 crisps
Plus £2 off pizza
Tools and calculators

Clever ways to calculate your finances

Find your odds of getting top cards
Find your odds for getting a cheap loan
Compare broadband, phone & TV deals
Compares thousands of mortgages
Eight calcs to help you work out the cost
We ensure you’re on the cheapest tariff