|
|||
|
|||
These sources were used to create the huge list below and the results for each company:
- These three lists of sites:
- And this Heartbleed checker page
- LastPass: Heartbleed Checker, from LastPass I checked the login URL, not the main Web site URL. (Note that as of 7/23/2015, this test was shutdown, 15 months after Heartbleed was announced.)
Notes on the results below:
- In the "What You Need To Do" column
- Change password means the site was likely vulnerable, but it's now been patched and so it's safe to change your password with that company. Please do so ASAP. (WARNING: if you do not change your password, all of your account information and data in that account is at risk.)
- CONTACT COMPANY means the site is possibly unsafe and/or unpatched, or it's quite unclear if the site or service was vulnerable. Do not wait for (or expect) notification from the company, they are doing a perfectly LOUSY job of notifying customers. Instead, contact the company directly and ask if they were vulnerable to the Heartbleed bug, and if so, have they thoroughly fixed things on their end. (In fact, see here for the best list of questions to ask the company.) In the meantime, to be safe, do not create an account at or log into this site, as it may still be vulnerable to the Heartbleed bug.
- Nothing means the site was not vulnerable, and there's no need to change your password. UNLESS, of course, you have used it on any other site, or have not changed it in the past year or so. Then you should change your password just to be safe.
- When a LastPass check was done, the URL for the login screen was used, but there may still be some uncertainly as to the results.
- Beware of non-answers from companies. When they say they "found no evidence of any compromise," that means they were likely vulnerable, and you really need to find out from them if they were vulnerable or not and if they have patched and updated their system. Remember, when the Heartblled bug is exploided, it leaves no trace!
- I cannot guarantee all the details below are correct. If there's any question at all, please call the company involved.
Recommendations:
- PLEASE see this Web page for many more details on what you need to do to protect yourself from the Heartbleed bug, and to learn more about it.
- heartbleed_list.html
- There are many other Internet services and apps on smart phones and tablets, and Internet devices that connect securely to the Internet. So in addition to the Web sites below, you need to check with all the companies involved and anywhere you have an account, to see if they were vulnerable to the Heartbleed bug, and if so, have they fixed things on their end, and if you should change your passwords there.
- We recommend updating your password on any site IF you have also used that same password at any other site. From now on, ALWAYS use a unique password for each site.
- When changing passwords, be sure to create good, strong ones. See here for password recommendations.
- Keep a close eye on any and all financial statements to make sure there are no unfamiliar charges.
- If you learn of any updates to the results below, like an official statement from the company involved, please let me know.
Web site, Internet
service, or appSource
Was the site
vulnerable?Site
patched?What you
need to
do...Comments Cable, Internet, Phone, Satellite, TV Service Providers [Return to category list] Ace Communications LastPass
no
no
Nothing
Main: acegroup.cc
Login: myaccount.acecomgroup.netAT&T att.com (main account) LastPass
Possibly
Change
passwordBased on the statement from AT&T from 4/11/14 (hidden on their blog), it's not clear if they were vulnerable, or not. However, LastPass now says: they may have been vulnerable, but are now safe; change your password. AT&T att.net LastPass
Possibly
Change
passwordAnd it reroutes to att.yahoo.com, and Yahoo was vulnerable. AT&T www.sbcglobal.net LastPass
Possibly
YES
Change
passwordAnd it reroutes to att.yahoo.com, and Yahoo was vulnerable. Boingo Wireless LastPass
Company statementYES
YES
Change
passwordMain: www.boingo.com:
Login: my.boingo.com
LastPass: Possibly vulneable, contact company.
Company statement buried on their blog: "We have upgraded the SSL software, and the servers are now as good as new, without those pesky security flaws that make it possible for hackers to take something that didnt belong to them. We recommend that our customers change their password if they have used our VPN service or logged in to a partner network in the last two years."CenturyLink LastPass
Possibly
Change
passwordeam.centurylink.com Charter charter.com, main customer account LastPass
Agentno
YES
Nothing
Main: charter.com
Login: www.myaccount.charter.com
LastPass: Was not vulnerable.
Agent: They claim they were not vulnerable but have implemented the patch for the bug, which strongly suggests they actually were vulnerable. She knew nothing about the digital security certificates. This likley all we'll ever hear about this from Charter.Charter charter.net, Web-based email LastPass
AgentPossibly
YES
Change
passwordMain: webmail.charter.net
Login: web.charter.net
LastPass: Possibly vulnerable, contact company
Agent: They claim they were not vulnerable but have implemented the patch for the bug, which strongly suggests they actually were vulnerable. She knew nothing about the digital security certificates, which are old, as can be seen with the LastPass check. This likley all we'll ever hear about this from Charter. So, change your password now, and do so again in six months, to be safe.Comcast CNET
LastPassno
no
Nothing
CNET: Awaiting response
LastPass: Not vulnerableEarthlink LastPass
Possibly
Change
passwordMain 1: www.earthlink.com
Main 2: www.earthlink.net
Login: myaccount.earthlink.netHughes LastPass
AgentPossibly
YES
Change
passwordMain: hughesnet.com
Login: home.myhughesnet.com
LastPass: Possibly vulneable, contact company.
Official statement on the Hughes.net community forum, "For security purposes, all server infrastructure has been secured with the recommended patches and SSL certificates replaced. To protect yourself from any other risks, we strongly encourage you to change your password and update your security questions."NetZero CNET
LastPassno
no
Nothing
Main: www.netzero.net
Login: account.netzero.net AND www.netzero.net
CNET: not vulneable
LastPass: Possibly vulneable, contact company.Skype LastPass
MSDN Blogno
no
Nothing
Main: www.skype.com
Login: login.skype.com
LastPass: possibly vulnerable, contact the company,
An MSDN blog said After a thorough investigation, Microsoft determined that Microsoft Azure, Office 365, Yammer and Skype, along with most Microsoft Services, are not impacted by the OpenSSL Heartbleed vulnerability.Sprint LastPass
MSDN Blog
Company
statementPossibly
Change
passwordMain: www.sprint.com
Login: mysprint.sprint.com
Their company statement provides this non-answer: "(We have) not seen any impacts to our website or operations servicing our customers. We vigorously monitor our systems and we have a variety of security protocols and procedures in place to assess, monitor and prevent such impacts."T-Mobile LastPass
Company
statementPossibly
Change
passwordwww.t-mobile.com
LastPass: was possibly vulnerable, now safe, change password.
Their company statement provides this non-answer: "(there) have been no impacts to T-Mobile's network or websites. We continue to monitor for the Heartbleed Bug."Verizon LastPass
Company
statementPossibly
Vulneable
Contact
company directly for details about your specific use of their services.
Change
password if you use one of the safe login URLs in the columns to the right.
Certain Android users should be especially concerned.Main: www.verizon.com and www.verizonwireless.com
Login URLs based on which URL you're at when you login:
verizon.com was possibly vulnerable, now safe, change password
www.verizonwireless.com was possibly vulnerable, now safe, change password
login.verizonwireless.com was possibly vulnerable, now safe, change password.
enterprisecenter.verizon.com was possibly vulnerable, now safe, change password
signin.verizon.com was possibly vulnerable, now safe, change password
They have a company statement buried on a forum page. Contacting them directly, they provided the same non-answer: "The long period of industry-wide exposure to the Heartbleed problem is unusual, but in our review to date of Verizon Wireless' external websites, we have found no evidence of any compromise. Our investigation is ongoing, and we continue to work with our vendors as they complete their own assessments. We will respond to the results accordingly."
So, they are not sure they may have been, an/or may stiill be, vulnerable, which is scary.
Users of Android 4.1.1 should see their company statement, and answer number 2 from 4/24/14 for a special note about those devices.Wildblue / Exede main company account, some of their own email accounts, but not their Google-based email accounts. (Note that Google WAS vulnerable to the Heartbleed bug.) LastPass
Company
statementYES
YES
Change
passwordWeb sites:
www.wildblue.net
www.exede.net
(Note: some of their email is handled via Google.)
Login URLs mixed results from LastPass based on which URL you're at when you login:
myaccount.exede.net was possibly vulnerable, now safe, change password
myaccount.wildblue.net was possibly vulnerable, now safe, change password
ecare.wildblue.net was possibly vulnerable, contact company
The detailed company statement does not to mention ecare.wildblue.net, but they do say any.vulnerable site of theirs is now safe, and it's OK to change passwords for any account you have with them.Computer-related [Return to category list] 1 and 1 LastPass
Possibly
Change
passwordwww.1and1.com Adobe CNET
LastPass
AgentPossibly
Change
passwordwww.adobe.com
CNET: Awaiting response
LastPass: Possibly vulnerable, now safe, change password.
From a customer service agent at their blog comes this non-answer, "All Adobe internet-facing services known to have been using a version of OpenSSL containing the Heartbleed vulnerability have been mitigated [made less severe]. We are continuing our analysis of Adobe internet-facing servers to identify and remediate any remaining Heartbleed-related risks."Amazon Web Services (for website operators) Mashable
CNETYES
YES
Change
passwordMashable: was vulnerable, now fixed, change password
CNET: Awaiting responseA Plus.net LastPass
Possibly
Change
passwordMain: www.aplus.net
Log in: portal.aplus.netAmazing Counters LastPass
Possibly
YES
Change
passwordwww.amazingcounters.com Apple (and iCloud and iTunes) Mashable
LastPass
CNET
CNN Moneyno
no
Nothing
Main site: apple.com
Apple said "iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected."
But note that individual apps on iPads, iPhones, and iPod Touches may be at risk.Apple ID LastPass
no
no
Nothing
An Apple service.
appleid.apple.comApple Store LastPass
no
no
Nothing
An Apple service
Main site: store.apple.com
Login: secure1.store.apple.comAsk CNET
LastPassno
no
Change
password
to be safewww.ask.com
CNET: not vulnerable
LastPass: was possibly vulnerable,: now safe, change passwordBing CNET
LastPassYES
YES
Change
passwordCNET: vulnerability patched, change of password recommended.
LastPass: not vulnerable.Bluehost LastPass
Possibly
Change
passwordMain: www.bluehost.com
Log in: my.bluehost.comBox.com Mashable
LastPassYES
YES
Change
passwordMain: www.box.com
Login: app.box.comBravenet LastPass
Possibly
YES
Change
passwordwww.bravenet.com
LastPass: may be vulnerable, unable to extract SSL information.Bulk Register LastPass
Company
statementno
no
(not needed)Change
password
to be safewww.bulkregister.com
LastPass: was not vulnerable
Company statement "Although BulkRegister was unaffected by the Heartbleed bug, as a precaution, we recommend that all BulkRegister users change their account passwords; especially if you use the same login information for other services."Carbonite LastPass
Company
statementno
no
Nothing
Main: www.carbonite.com
Login: account.carbonite.com
LastPass: not vulnerable.
Company statement "Carbonite Personal and Pro subscriptions do not use the affected encryption software. Your personal data was never at risk."Clicky Web Analytics LastPass
Company statementno
no
Nothing
clicky.com
LastPass: said possibly vulnerable, contact company
Company statement, stated here, buried on a blog, "Clicky was not affected by the 'Heartbleed' security issue. The versions of OpenSSL running on our public servers and load balancers were not any of the ones that were vulnerable. To make doubly sure, we ran tests on all of our public IPs, and they were all reported safe."Conduit CNET
LastPassno
YES
Change
passwordmobilecp.conduit.com
CNET: Awaiting response.
LastPass: now safe, change passwordDell LastPass
no
YES
Change
password
to be safeMain: www.dell.com
Login: ecomm.dell.comDomainDiscover LastPass
Possibly
Change
passwordMain: www.tierra.net/domains
Log in: www.tierra.netDomain Registry of America, Domain Registry Services LastPass
no
no
Nothing
Known for their less-than-ethical practices.
droa.comDomains Prices Right LastPass
no
no
Nothing
Main: www.domainspricedright.com
Log in URLs:
www.domainspricedright.com
idp.securepaynet.netDoteasy LastPass
no
no
Nothing
Main: www.doteasy.com
Log in: member.doteasy.com AND www.doteasy.comDreamHost LastPass
Likely
Change
passwordMain: www.dreamhost.com
Log in URLs"
panel.dreamhost.com
www.dreamhost.com
webftp.dreamhost.comDropbox Mashable
CNET
LastPassYES
YES
Change
passwordwww.dropbox.com ExactSeek LastPass
Possibly
Change
passwordwww.exactseek.com Feedbin CNET
LastPassYES
YES
Change
passwordfeedbin.com Geek Empire Hosting LastPass
Possibly
Vulneable
CONTACT
COMPANYMain: www.geekempirehosting.com
Log in: secure.geekempirehosting.comGetPocket CNET
LastPassYES
YES
Change
passwordgetpocket.com GitHub Mashable
LastPassYES
YES
Change
passwordgithub.com GoDaddy Mashable
CNET
LastPassYES
YES
Change
passwordMain: www.godaddy.com
Login: www.godaddy.com AND idp.godaddy.com
Mashable and CNET: was vulnerable, now safe, change password.
LastPass: login servers not vulnerable, change password to be safe.Mashable
CNET
LastPass
statementYES
YES
Change
passwordAnd for ALL Google services.
Main: www.google.com
Login: accounts.google.com
Google spokesperson said in an emailed statement, 'We have assessed the SSL vulnerability and applied patches to key Google services."GoogleUserContent.com CNET
LastPassPossibly
YES
Change
passwordwww.googleusercontent.com Homestead Web sites LastPass
Possibly
Change
passwordwww.homestead.com Hover LastPass
Possibly
Change
passwordwww.hover.com HP Company
statementPossibly
Vulneable
CONTACT
COMPANYGeneral company statement from HP applies to many HP products, services, and Web sites. ICQ LastPass
Possibly
Change
passwordwww.icq.com IFTTT Mashable
CNET
LastPassYES
YES
Change
passwordMain: ifttt.com Imgur CNET
LastPassPossibly
YES
Change
passwordCNET: Awaiting response.
LastPass: fixed and change password.InMotion Hosting LastPass
no
no
Nothing
Main: www.inmotionhosting.com
Log in: secure1.inmotionhosting.comIntego - support LastPass
Possibly
Change
passwordsupport.intego.com iPage Hosting LastPass
Possibly
Change
passwordMain: www.ipage.com
Log in: secure.ipage.comLenovo LastPass
no
no
Change
password
to be safeMain: www.lenovo.com
Login: shop.lenovo.com
LastPass: new SSL CertificateManageWP CNET
LastPassno
no
Change
password
to be safeMain: managewp.com
CNET: not vulnerable
LastPass: Was possibly vulnerable, now safe, change password.Medialink Routers LastPass
Agentno
no
Nothing
Web site: www.medialinkproducts.com. No sign-in at Web site.
LastPass: No secure server there.
Agent: Our website does not use OpenSSL, so our website is not vulnerable. Our routers have nothing to do with this problem.Micromat LastPass
Possibly
Change
passwordwww.micromat.com Microsoft Mashable
no
no
Nothing
Main: www.microsoft.com
Microsoft services were not running OpenSSL, according to LastPass.Microsoft Store LastPass
no
no
Nothing
www.microsoftstore.com Network Solutions LastPass
Possibly
Change
passwordwww.networksolutions.com Norton (online account) Norton statement
LastPassno
Change
password
to be safeInformation on Norton products and the Heartbleed vulnerability.
About their Web sites the company said, "No Norton Web sites or accounts were affected by the vulnerability. It is not necessary to change your password"
Several URLs are used for logging in. The LastPass results are mixed:
www.mynortonaccount.com possibly vulnerable, contact the company
account.norton.com now safe and to change your password there
login.norton.com possibly vulnerable, contact the company.OWC (Other World Computing) LastPass
Possibly
Change
passwordMain: www.macsales.com
Login: eshop.macsales.comProxim LastPass
Possibly
YES
Change
passwordMain: www.proxim.com
Login: my.proxim.comRage Software LastPass
Agentno
no
Nothing
Main: www.ragesw.com
Login: billing.ragesw.com
LastPass: possibly vulnerable, contact the company.
Customer service agent, "We have not been using the OpenSSL version that was affected by SSL for a very long time so our servers were not affected by the leakage of the security issue.RealPlayer Cloud LastPass
Possibly
Change
passwordMain: www.real.com
Login: cloud.real.comRegister.com LastPass
Possibly
Change
passwordwww.register.com
LastPass says: Was possibly vulnerable, now safe, change password.Roxio LastPass
no
no
Nothing
www.roxio.com Salesforce CNET
LastPassno
no
Nothing
Main: www.salesforce.com
Login: login.salesforce.comSanDisk LastPass
Possibly
Change
passwordMain: www.sandisk.com
Login: retail.sandisk.com
LastPass says: Possibly unsafe, contact company.
Customer service agent says: "The only product that could have been affected would be sandisk secure access and it was not affected by the bug. No other product used anything that heart bleed bug could affect, and any and all website and support pages have been updated. So we recommend changing any old passwords, but all websites and support pages have been updated, and we do not have any product or software that was affected."Serif LastPass
no
no
Nothing
www.serif.com Site Meter LastPass
no
no
Nothing
sitemeter.com SpiderOak Mashable
LastPassYES
YES
Nothing
spideroak.com
LastPass says: Was possibly vulnerable, now safe, change password.
Spideroak said it patched its servers, but the desktop client doesn't use a vulnerable version of OpenSSL, so "customers do not need to take any special action."Stack Overflow CNET
LastPassYES
YES
Change
passwordstackoverflow.com Stat Counter LastPass
Possibly
Change
passwordstatcounter.com TidBITS LastPass
Possibly
Change
passwordtidbits.com Toshiba LastPass
Possibly
Change
passwordwww.toshiba.com WeTransfer LastPass
Possibly
Change
passwordwww.wetransfer.com Yahoo Mashable
CNET
LastPassYES
YES
Change
passwordAnd for any Yahoo service.
Main: www.yahoo.com
Login: login.yahoo.comDating Services [Return to category list] eHarmony LastPass
Possibly
Change
passwordwww.eharmony.com OKCupid Mashable
CNET
LastPassYES
YES
Change
passwordwww.okcupid.com Match.com LastPass
Possibly
Change
passwordwww.match.com Spark Networks (JDate, Christian Mingle, SilverSingles.com, and more) Mashable
LastPassno
no
Nothing
Login: accounts.spark.net Email [Return to category list] AOL Mashable
LastPassno
no
Nothing
Main: www.aol.com
Login URLs: new.aol.com, my.screenname.aol.com, AND account.login.aol.comGmail Mashable
LastPass
Google statementYES
YES
Change
passwordAnd for ALL Google services.
Login: accounts.google.com
Google spokesperson said in an emailed statement, 'We have assessed the SSL vulnerability and applied patches to key Google services."Hotmail / Outlook / Live.com CNET
Mashable
LastPassno
no
Nothing
All Microsoft services. Hotmail and Outlook redirect to Live.com.
Main: www.live.com
Login: login.live.com
Mashable: "Microsoft services were not running OpenSSL, according to LastPass."Wildblue Mail Mashable
LastPassYES
YES
Change
passwordUses Gmail, which was vulnerable.: mail.google.com/a/wildblue.net Yahoo Mail Mashable
CNET
LastPassYES
YES
Change
passwordAnd for any Yahoo service.
Login: login.yahoo.comFinancial [Return to category list] Banks Many big banks (see below) don't use OpenSSL, but instead use proprietary encryption software. But many medium or smaller banks may be vulnerable it's still unclear. To be sure, contact your bank directly for a determination of if their online banking Web site is (or was) vulnerable. And keep a close eye on any and all financial statements to make sure there are no unfamiliar charges. Act Blue LastPass
Possibly
Change
passwordMain: www.actblue.com
Login: secure.actblue.comAmerican Express Mashable
LastPassno
no
Nothing
Main: www.americanexpress.com
Login: www.americanexpress.com AND online.americanexpress.comAmerican Funds Mashable
LastPassYES
YES
Change
passwordwww.americanfunds.com Bank of America Mashable
CNET
LastPassno
no
Nothing
Main: www.bankofamerica.com
Login: www.bankofamerica.com AND secure.bankofamerica.comBarclays Mashable
LastPassno
no
Change
password
to be safeMain: www.barclays.com
Login: www.banking.barclaysus.com AND
www.securebanking.barclaysus.com: was possibly vulnerable, not safe, change PW.
Mashable: not vulnerableBECU CNN Money
LastPassno
no
Nothing
www.becu.org
www.becuonlinebanking.orgCapital One Mashable
CNET
CNN Money
LastPassno
no
Nothing
www.capitalone.com Charles Schwab CNN Money
Mashable
LastPassno
no
Nothing
Main: www.schwab.com
Login: client.schwab.com
There were many other login URLsChase Mashable
CNET
LastPassno
no
Nothing
www.chase.com AND chaseonline.chase.com Citibank Easy Deals Mashable
LastPassno
no
Change
password
to be safeMain: citieasydeals.com
Login 1: online.citibank.com
Login 2: citieasydeals.com
Mashable says nothing needs to be done with any Citigroup stuff.
LastPass says online.citibank.com was not vulnerable; but the other secure server, citieasydeals.com, may have been vulnerable but it's now safe, and to change your password.Citigroup Mashable
LastPassno
no
Change
password
to be safeMashable says nothing needs to be done with any Citigroup stuff.
LastPass: for many of their secure servers, they may have been vulnerable but it's now safe, and to change your password.E*Trade Mashable
LastPass
CNN Moneyno
no
Nothing
us.etrade.com
Mashable: E*Trade is still investigatingEdward Jones LastPass
Local repPossibly
Change
passwordMain: www.edwardjones.com
Login: accountaccess.edwardjones.com
LastPass: possibly were vulnerable but are now safe, change your password.
Local rep: "We weren't vulnerable so (there's) no need to do anything."Equifax LastPass
Possibly
Change
passwordMain: www.equifax.com
Login: www.econsumer.equifax.comExperian -- main member login AND credit report products LastPass
AgentPossibly
Change
passwordMain: www.experian.com
Login: experian.experiandirect.com
LastPass: was possibly vulnerable, now safe, change your password.
Customer service agent: "Please be assured that Experian treats information security as a top priority and operates appropriate patching and vulnerability management processes as a routine measure. At this point, we believe our ExperianDirect.com environment is not vulnerable to this issue. We will continue to monitor the situation and implement recommendations as appropriate."
Note: they are not sure they may have been, or may still be, vulnerable, which is scary.Experian -- Contractor Check LastPass
no
no
Nothing
Main: contractor.smartbusinessreports.com
Login: myaccount.smartbusinessreports.comExperian -- CreditExpert Credit Manager LastPass
Possibly
Change
passwordLogin: www.creditexpert.com Experian -- Experian Connect LastPass
Possibly
Change
passwordconnect.experian.com Experian -- Protect My ID service LastPass
Possibly
Change
passwordwww.protectmyid.com Experian -- Smart Business Reports LastPass
no
no
Nothing
Main: www.smartbusinessreports.com
Login: myaccount.smartbusinessreports.comExperian -- Vehicle History Report LastPass
Possibly
Vulneable
CONTACT
COMPANYwww.autocheck.com Fidelity Mashable
LastPassno
no
Nothing
Main: www.fidelity.com
Login URLs: login.fidelity.com, fps.fidelity.com, and
401k.fidelity.comFranklin Templeton LastPass
Possibly
Change
passwordwww.franklintempleton.com HSBC bank CNN Money
LastPassno
no
Change
passwordwww.us.hsbc.com
CNN Money: safe was not vulnerable
LastPass: Was possibly vulnerable, now fixed, change password to be safe.Intacct LastPass
Company
statementPossibly
Change
passwordMain: us.intacct.com
Login: www.intacct.com
Company statementIntuit - Main account LastPass
no
no
Change
password
(to be safe)Login: selfservice.intuit.com
LastPass: was not vulnerable
Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.Intuit - Mint CNET
LastPassPossibly
Change
passwordwwws.mint.com
CNET: Awaiting response
LastPass: now safe, change your password
Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.Intuit - Quickbooks CNET
LastPassno
no
Change
password
(to be safe)qbo.intuit.com
selfservice.intuit.com
CNET: Awaiting response
LastPass: was not vulnerable
Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.Intuit - Quicken: Online Investment Account CNET
LastPassPossibly
Vulneable
CONTACT
COMPANYLogin: login.quicken.com
CNET: Awaiting response
LastPass: Possibly vulneable, contact company.
Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.Intuit - Quicken: Online Quicken Account CNET
LastPassno
no
Change
password
(to be safe)quicken.intuit.com
CNET: Awaiting response
LastPass: was not vulnerable
Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.Intuit - TurboTax CNET
LastPass
CNN Moneyno
no
Change
password
(to be safe)turbotax.intuit.com
myturbotax.intuit.com
CNET: Awaiting response
LastPass: was not vulnerable
CNN Money: was not vulnerable
Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.Morgan Stanley - Online account LastPass
Possibly
Change
passwordMain: www.morganstanley.com
Login: www.morganstanleyclientserv.comPayPal Mashable
CNET
LastPassno
no
Nothing
www.paypal.com PNC Mashable
CNN Money
LastPassno
no
Nothing
Main: www.pnc.com
Login: www.pnc.com AND www.onlinebanking.pnc.comRaymond James LastPass
Company
statementno
no
Change
password
(to be safe)Investor Access
Main: www.raymondjames.com
Login: investoraccess.rjf.com
Equity Research:
www.rjcapitalmarkets.com
Commission Management:
raymondjamescm.com
LastPass: For Investor Access and Equity Research: possibly vulneable, contact company. For Commission Management: not vulneable.
Raymond James statement: Raymond James took immediate action to protect its clients against this breach. Following the Department of Homeland Securitys advisory on Tuesday, the firm took measures to ensure that our applications and websites were secure. We have no reason to believe that any of our applications, including Investor Access, have been compromised in any way.Scottrade Mashable
CNN Money
LastPassno
no
Change
password
to be safeMain: www.scottrade.com
Mashable & CNN Money: vulneable
LastPass gave mixed results:
www.scottrade.com: was possibly vulneable, now safe change password
apply.scottrade.com: was possibly vulneable, now safe, change password
trading.scottrade.com: Possibly vulneable, contact companyTD Ameritrade Mashable
CNN Money
LastPassno
no
Nothing
Main: www.tdameritrade.com and www.amtd.com
Login URLs:
www.tdameritrade.com
invest.ameritrade.com
invest.tdameritrade.comTD Bank Mashable
LastPassno
no
Nothing
Main: www.tdbank.com
Login URLs:
onlinebanking.tdbank.com
businessonline.tdbank.comT. Rowe Price Mashable
LastPassno
no
Nothing
www.troweprice.com
Login URLs:
individual.troweprice.com
www2.troweprice.com
www3.troweprice.com
www4.troweprice.comTIAA CREF LastPass
Possibly
Change
passwordMain: www.tiaa-cref.org
Login: publictools.tiaa-cref.orgTrasnUnion LastPass
Agentno
Nothing
Main: transunion.com
Login URLs:
membership.tui.transunion.com
tui.transunion.com
member.trueidentity.com
www.transunionplus.com
LastPass: some of the login URLs were possibly vulneable and to contact the company.
Customer service agent: "None of our systems were vulnerable."U.S. Bank Mashable
CNN Money
LastPassno
no
Change
password
to be safewww.usbank.com
Mashable and CNN Money: not vulneable
There were many login URLs, here are the LastPass results for some of them:
Not vulneable:
onlinebanking.usbank.com
www4.usbank.com
usbank.visabuxx.com
trustnowessentials.usbank.com
apply.usbank.com
Was possibly vulnerable, now safe, change password:
carenet.fnfismd.com
www.account3000.comVanguard Mashable
CNN Money
LastPass
Company statementno
no
Nothing
Main: www.vanguard.com
Login URLs:
investor.vanguard.com
personal.vanguard.com
See the company statement, the main point being, "we're confident that Vanguard's websites are not, and have not been, subject to the Heartbleed vulnerability."Venmo Mashable
LastPassYES
YES
Change
passwordvenmo.com Wells Fargo Mashable
LastPass
CNET
CNN Moneyno
no
Nothing
Main: www.wellsfargo.com
Login URLs:
www.wellsfargo.com
online.wellsfargo.comXero LastPass
Company
statementno
no
Change
password
(to be safe)Main: www.xero.com
Login: login.xero.com
Company statement (One of the best I've seen)Games [Return to category list] Minecraft Mashable
LastPassYES
YES
Change
passwordminecraft.net Pogo LastPass
Company
statementPossibly
YES
Change
passwordwww.pogo.com
LastPass: Possibly vulnerable, contact comany.
Pogo Statement: "As soon as we became aware of Heartbleed, we began actively identifying and patching any vulnerable systems to ensure Pogo.com is secure. We have no reason to believe any passwords or personal information were stolen, but suggest erring on the side of caution and updating your Pogo password."Gas / Electric [Return to category list] Consumers Energy LastPass
no
no
Nothing
www.consumersenergy.com DTE Energy LastPass
Possibly
Change
passwordMain: www.dteenergy.com
Login: www.dteenergy.com AND www2.dteenergy.comGovernment and Taxes [Return to category list] 1040.com Mashable
LastPassno
no
Nothing
Main: www.1040.com
Login: www.1040.com AND fileonline.1040.comFileYourTaxes.com Mashable
LastPassno
no
Nothing
www.fileyourtaxes.com H & R Block Mashable
CNN Money
LastPassno
no
Nothing
Main: www.hrblock.com
Login: idp.hrblock.com AND
loginrouter.hrblock.comHealthcare.gov Mashable
LastPassPossibly
Change
passwordwww.healthcare.gov
LastPass: was likely vulnerable, now safe, change password.
CNN Money: The Health Department said "security protections prevent this vulnerability from occurring."Intuit - TurboTax Mashable
LastPass
CNN Moneyno
no
Nothing
Main: turbotax.intuit.com
Login: myturbotax.intuit.com
CNET: Awaiting response
LastPass: was not vulnerableIRS Mashable
CNN Money
LastPass
IRS statementno
no
Nothing
www.irs.gov
Two login URLs of MANY: sa.www4.irs.gov and
directpay.irs.gov
IRS statement, "Our systems continue operating and are not affected by this bug, and we are not aware of any security vulnerabilities related to this situation. We continue to monitor the situation and remain in contact with our software partners."
Note that they are not 100% sure, especially with their software partners.TaxACT Mashable
LastPassno
no
Nothing
Main: www.taxact.com
Login: www.taxactonline.comUSAA Mashable
LastPassYES
YES
Change
passwordwww.usaa.com Health / Medical [Return to category list] Health Warehouse LastPass
Possibly
Change
passwordwww.healthwarehouse.com MyHealthInfo - Munson Healthcare LastPass
Possibly
YES
Change
passwordMain: www.munsonhealthcare.org/myhealthinfo
Login: myhealthinfo.iqhealth.com AND cernerhealth.com
Mixed results from LastPass:
myhealthinfo.iqhealth.com: was possibly vulneable, now safe, change password
cernerhealth.com: was possibly vulneable, now safe, change passwordInsurance [Return to category list] Aetna LastPass
Possibly
Change
passwordMain: www.aetna.com
Login: member.aetna.comAllstate LastPass
Possibly
Change
passwordwww.allstate.com Auto Owners LastPass
Possibly
Change
passwordMain: www.auto-owners.com
Login: customercenter.auto-owners.comBlue Cross / Blue Shield of Michigan LastPass
Possibly
Change
passwordMain: www.bcbs.com
Login: member.bcbsm.comDelta Dental - General LastPass
no
no
Nothing
Main: www.deltadental.com
Login: login-wsprod.deltadental.comDelta Dental - Michigan LastPass
Possibly
Vulneable
CONTACT
COMPANYMain: www.deltadentalmi.com
Login: www.toolkitsonline.comFarmers LastPass
Possibly
Change
passwordwww.farmers.com Geico LastPass
Company
statementno
no
Change
password
(to be safe)Main: www.geico.com
Login: www.geico.com and ecams.geico.com
Statement
LastPass: www.geico.com was possibly vulnerable, change password. ecams.geico.com is possibly vulnerable, contact company.
Gieco's statement: GEICO's Information Security team has performed a thorough review of our online systems and have verified that they are not susceptible to the Heartbleed bug. Even so, we continue to monitor the information on Heartbleed to ensure our systems and your information remain properly protected. Change your passwords periodically to be safe.Humana LastPass
no
no
Nothing
www.humana.com Humana One LastPass
Possibly
Change
passwordMain: www.humana-one.com
Login: oc.humana-one.com and
info.humana-one.comLiberty Mutual LastPass
Possibly
Change
passwordMain: www.libertymutual.com
Login: eservice.libertymutual.comMetLife LastPass
Possibly
Change
passwordwww.metlife.com Priority Health of Michigan LastPass
no
no
Nothing
Main: www.priorityhealth.com Progressive LastPass
no
no
Nothing
Main: www.progressive.com
Login: onlineservice7.progressive.comState Farm LastPass
Possibly
Change
passwordMain: www.statefarm.com
Login: www.statefarm.com and online2.statefarm.comTravelers LastPass
no
no
Nothing
www.travelers.com Media / News / Sports [Return to category list] Benzie County Record Patriot (and any of the Pioneer Group's newspapers) LastPass
Company
technicianYES
YES
CONTACT
COMPANYMain: news.pioneergroup.com/recordpatriot
Login: news.pioneergroup.com
LastPass: Was possibly vulnerable, cannot be sure, contact company.
Company technician: "Our server was vulnerable, but it was patched immediately after the bug was announced."
But it is unclear is the company is safe, as the SSL certificates are old (have not been revoked and renewed since the patch was put into place).Bleacher Report CNET
LastPassPossibly
Change
passwordbleacherreport.com
CNET: Awaiting response
LastPass: now safe, change passwordBuzzFeed CNET
LastPassPossibly
YES
Change
passwordCNET: Awaiting response.
LastPass: Now safe, change your password.CBS Sports CNET
LastPassno
no
Nothing
www.cbssports.com
CNET: not vulnerable
LastPass: Was possibly vulnerable, contact company.Chicago Tribune LastPass
Possibly
Change
passwordwww.chicagotribune.com CNN CNET
no
no
Nothing
www.cnn.com
(Could not determine login URL)Daily Mail CNET
LastPassPossibly
Change
passwordwww.dailymail.co.uk
CNET: Awaiting response
LastPass: now safe, change passwordDrudge Report CNET
Unknown
CONTACT
COMPANYMain: www.drudgereport.com
Login site: not found
CNET: Awaiting responseEspn.go.com CNET
LastPassYES
YES
Change
passwordespn.go.com Forbes CNET
LastPassno
no
Nothing
Main: www.forbes.com
Login: blogs.forbes.com
CNET: not vulnerable
LastPass: Was possibly vulnerable, contact company.Fox News CNET
LastPassno
no
Change
password
to be safewww.foxnews.com
CNET: was not vulnerable
LastPass: was possibly vulnerable, now safe, change password.Huffington Post CNET
LastPassPossibly
YES
Change
passwordCNET: Awaiting response.
LastPass: fixed and OK to change password.LA Times LastPass
Possibly
Change
passwordMain: www.latimes.com
Login: www.latimes.com (now safe, change password) and myaccount2.latimes.com (tot vulnerable)Mashable LastPass
Possibly
Change
passwordmashable.com Morning Star Publishing Grand Traverse Insider, Morning Sun, The Kalkaskian, and The Leader place an ad LastPass
Possibly
Change
passwordMain: www.morningstarpublishing.com
Login: morningstarclassifieds.kaango.comMSN CNET
Mashable
LastPassno
no
Nothing
A Microsoft site.
Main: www.msn.com
Login: login.live.com
Mashable: "Microsoft services were not running OpenSSL, according to LastPass.NBC News CNET
LastPassPossibly
Change
passwordsecure.nbcnews.com
CNET: Awaiting response
LastPass: Possibly vulnerable, safe to change passwordNYTimes CNET
LassPass
AgentPossibly
Change
passwordMain: www.nytimes.com
Login: myaccount.nytimes.com
CNET: Awaiting response.
LastPass: Possibly vulnerable, contact company.
Agent: "Most of our internal sytems and infrastructure are not at risk because we do not use the version of OpenSSL that has been identified as vulnerable. Moreover, we contacted our third party providers that may have been at risk to assure adequate security has been restored to their systems."
So, because some of their third party providers were at risk but are now safe, it's best to change your password with this company.CNET
LastPassYES
YES
Change
passwordMain: www.reddit.com
Login: ssl.reddit.comSporting News LassPass
Possibly
Change
passwordwww.sportingnews.com Traverse City Record Eagle LassPass
Possibly
Change
passwordwww.record-eagle.com
LastPass: Unable to extract SSL information.TMZ CNET
LassPassPossibly
Change
passwordwww.tmz.com
CNET: Awaiting response
LassPass: Possibly vulnerable, now safe, change password.USA Today CNET
LassPassno
no
Nothing
Main: www.usatoday.com
Login: offers.usatoday.com
CNET: Not vulnerable
LassPass: Possibly vulnerable, contact company.Wall Street Journal CNET
LassPass
AgentPossibly
Change
passwordMain site: online.wsj.com
Login: id.wsj.com
CNET: Awaiting response
A customer service agent provided this non-answer, "Please be assured that Dow Jones is aware of the matter and quickly took steps to address the issue. We're not aware of any impact to our customers. We continue to closely monitor the situation, your privacy is of the utmost importance to us."
I wrote back asking for a real answer, such as, "were you vulnerable?" They have yet to reply. From the response they did provide, they clearly were vulnerable.
LassPass: Was possibly vulnearble, now safe to change password.Washington Post CNET
LassPassYES
YES
Change
passwordMain: www.washingtonpost.com
Login: account.washingtonpost.comMovies, Videos, TV Shows [Return to category list] Blockbuster LastPass
Possibly
Change
passwordwww.blockbuster.com Fandango LassPass
no
no
Nothing
www.fandango.com Flixster LastPass
Agentno
Change
passwordwww.flixster.com
LastPass: Possibly vulneable, but is now safe, change your password.
Customer service agent: "Flixster and Rotten Tomatoes were not affected by the heartbleed bug. If you're concerned about account security, you can change your password on the Account page when logged in on the Flixster website."Hulu Mashable
CNET
LastPassno
no
Nothing
Main: www.hulu.com
Login: secure.hulu.comIMDb CNET
LastPassno
no
Change
password
to be safeMain:www.imdb.com
Login: secure.imdb.com
CNET: not vulneable
LastPass: Possibly vulneable, now safe, change passwordMetacritic LastPass
Possibly
Change
passwordMain: www.metacritic.com
Login: secure.metacritic.comMoviefone LastPass
no
no
Nothing
An AOL company
Main: www.moviefone.com
Login: api.screenname.aol.comNetflix Mashable
CNET
LastPassYES
YES
Change
passwordwww.netflix.com Roku LastPass
Company
statementYES
YES
Change
passwordMain: www.roku.com
Login: owner.roku.com
LassPass: Possibly vulnearble, contact company.
Company statement on their forum, 4-11-14: "After a thorough review of our implementation of OpenSSL we have verified that Roku does not implement any of the OpenSSL versions identified as being vulnerable to 'Heartbleed' per the US-CERT Alert (CVE-2014-0160). However, some of our vendors who handle information collected through our platform may have implemented the affected OpenSSL versions. We have contacted our vendors and they have disclosed to us that they have patched their systems and have taken appropriate counter-measures. We will continue to monitor and respond to this situation so as to minimize the potential risk to our customers."Rotten Tomatoes LastPass
Agentno
Change
passwordA Flixster compnay.
www.rottentomatoes.com
LastPass: Possibly vulneable, contact the company.
Customer service agent: "Flixster and Rotten Tomatoes were not affected by the heartbleed bug. If you're concerned about account security, you can change your password on the Account page when logged in on the Flixster website."Vimeo CNET
LastPassYES
YES
Change
passwordvimeo.com Vudu LastPass
Possibly
Change
passwordwww.vudu.com YouTube Mashable
CNET
LastPassYES
YES
Change
passwordAnd for ALL Google services.
Main: www.youtube.com
Login: accounts.google.com
Google spokesperson said in an emailed statement, 'We have assessed the SSL vulnerability and applied patches to key Google services."Music-related [Return to category list] CD Baby LastPass
Possibly
Change
passwordwww.cdbaby.com Finale music software online account LastPass
no
no
Change
password
to be safeMain: www.finalemusic.com
Login: store.makemusic.comGrooveshark LastPass
Possibly
Change
passwordgrooveshark.com iTunes Store LastPass
no
no
Nothing
An Apple service.
Login: itunes.apple.comMOG LastPass
Agentno
no
Nothing
mog.com
LastPass: Possibly was vulnerable, we cannot tell.
Agent: "We were not vulnerable to the Heartbleed bug and per our 3rd party partners, they also were not at risk. It should be completely safe for you to change/update your password on the MOG service, if so desired."MySpace LastPass
Possibly
Vulneable
CONTACT
COMPANYmyspace.com
LastPass: Unable to get HTTP headers for myspace.com. Was possibly vulnerable, contact company.Pandora Mashable
CNET
LastPassno
no
Nothing
www.pandora.com
Mashable and CNET say not vulnerable.
LastPass: possibly vulnerable, contact company.Rdio LastPass
Possibly
Change
passwordwww.rdio.com Sirius XM Satellite Radio LastPass
Possibly
Change
passwordMain: www.siriusxm.com
Login: care.siriusxm.comSoundCloud Mashable
LastPassYES
YES
Change
passwordsoundcloud.com Spotify LastPass
AgentPossibly
Change
passwordwww.spotify.com
Agent "Tthere shouldn't be any need for worry at this stage. We've done a thorough investigation of potential vulnerabilities, and as always we're taking the necessary steps to ensure the security of your Spotify account."
LastPass: Was possibly vulnerable, but now safe; change paswsord.Password Managers [Return to category list] 1Password Mashable
no
no
Nothing
agilebits.com/onepassword
(No login URL found at the site to check with LastPass)Dashlane Mashable
LastPassYES
YES
Change
password
to be safewww.dashlane.com
Mashable: Users' accounts were not impacted and the master password is safe.
LastPass: Was possibly vulnerable, but now safe; change password.
See also, the company statement about "Dashlane safe from new OpenSSL CCS injection vulnerability."LastPass Mashable
LastPass
Company statementYES
YES
Nothing
lastpass.com
Mashable: Users don't need to change their master passwords because they're never sent to the server.
Their company statement here essentially says, users don't need to change their master passwords.
LastPass Checker: Was possibly vulnerable, but now safe; change password.Photo-related [Return to category list] AdoramaPix LastPass
no
no
Nothing
www.adoramapix.com Flickr Mashable
CNET
LastPassYES
YES
Change
passwordAnd for ALL Yahoo services
Main: www.flickr.com
Login: www.flickr.com AND login.yahoo.comGetty Images - Buyers LastPass
no
no
Nothing
Main: www.gettyimages.com
Login: secure.gettyimages.comGetty Images - Contributors LastPass
no
no
Nothing
Login: contributors.gettyimages.com Shutterfly LastPass
Possibly
Change
passwordwww.shutterfly.com Snapfish (by HP) LastPass
Company
statementPossibly
Change
passwordwww.snapfish.com
LassPass: Was possibly vulnearble, now safe, change password.
General company statement from HP applies to many HP products, services, and Web sites.Real Estate [Return to category list] For Sale by Owner LastPass
Possibly
Change
passwordwww.forsalebyowner.com Realtor.com LastPass
Possibly
Change
passwordwww.realtor.com
8/2014 They apparently changed servers from OpenSSL to Microsoft, and are now safe. But they likely were vulnerable before the change. Change password to be safe.Trulia CNET
LastPassno
no
Change
password
to be safewww.trulia.com
CNET: not vulnearble
LassPass: Was possibly vulnearble, now safe, change password.Zillow CNET
LastPassno
no
Change
password
to be safewww.zillow.com
CNET: not vulnearble
LassPass: Was possibly vulnearble, now safe, change password.Reference Sites [Return to category list] About CNET
no
no
Nothing
www.about.com
Could not find a login URLAncestry.com LastPass
no
no
Nothing
Main: www.ancestry.com
Login: secure.ancestry.comDictionary.com / Reference.com CNET
LastPassno
no
Nothing
Main: dictionary.reference.com AND dictionary.reference.com
www.reference.com
Login: app.dictionary.com
CNET: not vulnearble
LastPass: Was possibly vulnearble, contact company.wikiHow CNET
LastPassno
no
Change
password
to be safewww.wikihow.com
CNET: not vulnearble
LastPass: Was possibly vulnearble, now safe, change password.Wikipedia (if you have an account there) Mashable
CNET
LastPass
Company statementYES
YES
Change
passwordMain: wikipedia.org
Login (English): en.wikipedia.org
See company statement here.Retail / Shopping / Commerce [Return to category list] Adorama LastPass
no
no
Nothing
www.adorama.com Altrec LastPass
Possibly
Change
passwordwww.altrec.com
secure.altrec.com
LastPass: Was possibly vulnearble, now safe, change password.Amazon Mashable
CNET
LastPassno
no
Nothing
www.amazon.com
Mashable and CNET: "Amazon.com is not affected."
LastPass: not vulnearble.Bass Pro Shops LastPass
Possibly
Change
passwordwww.basspro.com Best Buy CNET
LastPassPossibly
Change
passwordMain: www.bestbuy.com
Login: www-ssl.bestbuy.com
CNET: Awaiting responseBlair / Sahalie LastPass
Possibly
Change
passwordMain: www.blair.com
Login: www.blair.com
Main: www.sahalie.com
Login: sahalie.blair.comBlue Mountain LastPass
Possibly
Change
passwordwww.bluemountain.com Cabela's LastPass
YES
Change
passwordwww.cabelas.com CDW LastPass
Possibly
Change
passwordwww.cdw.com Costco LastPass
Possibly
Change
passwordwww.costco.com Dillard's CNET
LastPassno
no
Nothing
www.dillards.com eBay Mashable
CNET
LastPass
eBay Noticeno
no
Change
password
due to other cyber attackwww.ebay.com
signin.ebay.com
Mashable, CNET, and LastPass all say eBay was not vulnerable to the Heartblleed bug and nothing needs to be done.
HOWEVER, on 5/21/14, eBay announced we all need to change our passwords with them due to a separate cyber attack on their password database. See more here.eToys LastPass
Possibly
Change
passwordwww.etoys.com Etsy Mashable
CNETYES
YES
Change
passwordFedco Electonics LastPass
Possibly
Vulneable
CONTACT
COMPANYMain: www.fedcoelectronics.com
Login: access.fedcoelectronics.comFry's (& Outpost) LastPass
Possibly
Change
passwordMain: www.frys.com
Login: shop4.frys.comGander Mountain LastPass
Possibly
Change
passwordMain: www.gandermountain.com
Login: www.gandermountain.com AND secure.gandermountain.com
LastPass:
www.gandermountain.com: Was possibly vulnearble, now safe, change password.
secure.gandermountain.com: Was possibly vulnearble, now safe, change password.Griffin Technologies LastPass
Possibly
Change
passwordMain: griffintechnology.com
Login: store.griffintechnology.comGroupon Mashable
CNET
LastPassno
no
Nothing
www.groupon.com Hallmark (Greeting Cards) LastPass
no
no
Nothing
www.hallmark.com Harbor Freight Tools LastPass
Possibly
Change
passwordMain: www.harborfreight.com
Login: shop.harborfreight.comHerrschners LastPass
no
no
Nothing
www.herrschners.com Home Depot CNET
LastPassPossibly
Change
passwordMain: www.homedepot.com
Login: secure2.homedepot.com
CNET: Awaiting response
LastPass: now safe, change passwordJacquie Lawson LastPass
Possibly
Change
passwordwww.jacquielawson.com JC Penney LastPass
Possibly
Change
passwordwww.jcpenney.com Kmart LastPass
Possibly
Change
passwordwww.kmart.com Kohl's LastPass
Possibly
Change
passwordwww.kohls.com Lands End LastPass
Possibly
YES
Change
passwordwww.landsend.com L L Bean LastPass
Possibly
Change
passwordwww.llbean.com Living Social LastPass
Possibly
Vulneable
CONTACT
COMPANYMain: www.livingsocial.com
Login: login.livingsocial.comLowe's LastPass
Possibly
Change
passwordwww.lowes.com MacConnection LastPass
no
no
Nothing
www.macconnection.com MacMall LastPass
Possibly
Change
passwordwww.macmall.com Macy's LastPass
Possibly
Change
passwordwww.macys.com Meijer LastPass
no
no
Nothing
Main: www.meijer.com
Login: accounts.meijer.comMenards LastPass
Possibly
Change
passwordwww.menards.com MyPoints CNET
LastPassPossibly
Change
passwordwww.mypoints.com
CNET: not vulnerable
LastPass: was possibly vulnerable, now safe, change passwordNordstrom Mashable
LastPassno
no
Nothing
Main: shop.nordstrom.com
Login: secure.nordstrom.comNorthern Tool & Equipment LastPass
Possibly
Change
passwordwww.northerntool.com Office Depot LastPass
Possibly
Change
passwordwww.officedepot.com Office Max LastPass
Possibly
Change
passwordwww.officemax.com Peachtree Woodworking Supply LastPass
no
no
Nothing
Main: www.ptreeusa.com
Login: shop6.mailordercentral.comPC Connection LastPass
no
no
Nothing
www.pcconnection.com PC Mall LastPass
Possibly
Change
passwordwww.pcm.com Pottery Barn LastPass
Possibly
Change
passwordMain: www.potterybarn.com
Login: secure.potterybarn.comQVC LastPass
Possibly
Change
passwordwww.qvc.com REI LastPass
Possibly
Change
passwordwww.rei.com Sam's Club LastPass
Possibly
Change
passwordwww.samsclub.com Sears LastPass
Possibly
Change
passwordwww.sears.com Small Dog Electronics LastPass
Possibly
Change
passwordMain: www.smalldog.com
Login: checkout.smalldog.comStaples LastPass
Possibly
Change
passwordwww.staples.com Target Mashable
CNET
LastPassno
no
Nothing
Main: www.target.com
Login: www-secure.target.comToyota Owners LastPass
Possibly
Change
passwordMain: www.toyota.com/owners
Login: www.toyota.comToys R Us LastPass
Possibly
Change
passwordwww.toysrus.com Vistaprint.com LastPass
Possibly
Change
passwordMain: www.vistaprint.com
Login: secure.vistaprint.comWalmart Mashable
LastPassno
no
Nothing
www.walmart.com Woodcrafter.com LastPass
no
no
Nothing
www.woodcrafter.com Zappos.com LastPass
Possibly
Change
passwordwww.zappos.com
secure-www.zappos.comZones - MacZone, PCZone LastPass
no
no
Nothing
Main: www.zones.com
Login: www.zones.comShipping Services [Return to category list] Federal Express CNET
LastPassno
no
Change
password
to be safewww.fedex.com
CNET: not vulnerable
LastPass: was possibly vulnerable, now safe, change passwordUPS CNET
LastPassno
no
Change
password
to be safewww.ups.com
CNET: not vulnerable
LastPass: was possibly vulnerable, now safe, change passwordUSPS CNET
LastPassYES
YES
Change
passwordMain: www.usps.com
Login: reg.usps.com
CNET: was possibly vulnerable, now safe, change password.
LastPass: was possibly vulnerable, contact companySocial Networks & Media [Return to category list] BlackBerry ID LastPass
Possibly
Change
passwordMain: us.blackberry.com
Login: blackberryid.blackberry.comBlackBerry products Company
statementPossibly
Vulneable
CONTACT
COMPANYBlackBerry smartphones were not affected, but many software produtcs were. See the BlackBerry company statement for the details about the vulnerability of their various products. Blogger / Blogspot CNET
LastPassPossibly
YES
Change
passwordA Google service. Classmates CNET
LastPassPossibly
Change
passwordMain: www.classmates.com
Login: secure.classmates.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change passwordMashable
CNET
LastPassUnclear
YES
Change
passwordwww.facebook.com Flipboard app LastPass
Likely
Change
passwordMain: www.flipboard.com
Login URLs: flipboard.com, cdn.flipboard.com (but via their app, not the Web site.Foursquare LastPass
Possibly
Change
passwordfoursquare.com HootSuite CNET
LastPassPossibly
Change
passwordhootsuite.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change passwordMashable
CNET
LastPassYES
YES
Change
passwordinstagram.com Mashable
CNET
LastPassno
no
Nothing
www.linkedin.com
Mashable: "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, Heartbleed does not present a risk to these web properties."
LastPass: not vulnerable.Pinboard CNET
LastPassYES
YES
Change
passwordwww.pinboard.in Mashable
CNET
LastPassYES
YES
Change
passwordwww.pinterest.com Slideshare Mashable
LastPassno
no
Nothing
slideshare.net
Mashable: "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, Heartbleed does not present a risk to these web properties."
LastPass: possibly vulnerable, contact companyTumblr Mashable
CNET
LastPassYES
YES
Change
passwordAnd for ALL Yahoo services.
www.tumblr.comMashable
CNET
CNN Money
LastPassno
YES
Change
password
(to be safe)twitter.com
vine.co
CNET: was not vulnerable
CNN Money: was not vulnerable
Mashable: Change password to be safe
LastPass: Change password to be safeVine LastPass
Possibly
Change
passwordvine.co
A Twitter Web site and appWikia CNET
LastPassYES
YES
Change
passwordwww.wikia.com Wordpress.com (the free blog site) Mashable
LastPassYES
YES
Change
passwordWordpress.com Travel [Return to category list] AAA Motor Club - Michigan LastPass
no
no
Nothing
michigan.aaa.com Airbnb CNN Money
LastPassYES
Change
passwordwww.airbnb.com American Airlines LastPass
Possibly
Change
passwordMain: www.aa.com
Login: www.aa.comAmtrak LastPass
Possibly
Change
passwordBoth of these may be used:
www.amtrak.com
tickets.amtrak.comCheap Tickets LastPass
Possibly
Change
passwordwww.cheaptickets.com Delta Airlines LastPass
Possibly
Change
passwordwww.delta.com Expedia LastPass
Possibly
Change
passwordwww.expedia.com Jet Blue LastPass
Possibly
CONTACT
COMPANYMain: www.jetblue.com
Login mixed results:
book.jetblue.com: was unsafe, now safe, change password
trueblue.jetblue.com: possibly unsafe, unable to extract SSL informationKayak LastPass
Possibly
Change
passwordMain: www.kayak.com
Login: www.kayak.comOrbitz CNET
LastPassPossibly
Change
passwordwww.orbitz.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change passwordPriceline.com LastPass
AgentPossibly
Change
passwordwww.priceline.com
LastPass: possibly vulneable, now safe, change password..
A customer service agent provided this answer, "We do use Secure Socket Layer (SSL) technology to encrypt all personal information. But our website and mobile application have never been affected by the Heartbleed bug. Please feel free to use our website or mobile application."Southwest Airlines LastPass
Possibly
Change
passwordwww.southwest.com Travelocity LastPass
Possibly
Change
passwordwww.travelocity.com Travel Zoo LastPass
Possibly
Change
passwordMain: www.travelzoo.com
Login: ssl.travelzoo.comTripAdvisor CNET
Possibly
LastPass
Change
passwordwww.tripadvisor.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change passwordUnited Airlines LastPass
Possibly
Change
passwordwww.united.com US Airways LastPass
no
no
Nothing
Main: www.usairways.com
Login: membership.usairways.comWeather-related [Return to category list] AccuWeather LastPass
no
no
Nothing
Main: www.accuweather.com
Login: wwwl.accuweather.comWeather Channel CNET
LastPassYES
YES
Change
passwordMain: www.weather.com
Login: profile.weather.comWeather Underground LastPass
Agentno
no
Nothing
www.wunderground.com
LastPass: was possibly vulneable, now safe, change password.
Customer service agent said, "they were not vulnerable."MISCELLANEOUS [Return to category list] Ask LastPass
Possibly
Change
passwordwww.ask.com Answers CNET
LastPassno
no
Nothing
www.answers.com
CNET: not vulnerable.
LastPass: possibly vulnerable, contact companyAWeber CNET
LastPassPossibly
Change
password
to be safewww.aweber.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change passwordBlack & Decker / Bostitch / Delta / DeWalt / Porter Cable ServiceNet Tool Center LastPass
no
no
Nothing
servicenet.dewalt.com Braeside Displays LastPass
no
no
Nothing
www.braesidedisplays.com CNET CNET
LastPassPossibly
Change
password
to be safewww.cnet.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change passwordConstant Contact CNET
LastPassPossibly
Change
password
to be safeMain: www.constantcontact.com
Login: login.constantcontact.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change passwordCraigslist LastPass
CNETPossibly
YES
Change
passwordMain: craigslist.org
Login accounts.craigslist.org
CNET: Awaiting response
LastPass: Was possibly vulnerable, now safe, change password.CreateSpace LastPass
Agentno
no
Change
password
to be safewww.createspace.com
LastPass: Was possibly vulnerable, now safe, change password.
Agent: "CreateSpace is not affected by this issueEvernote Mashable
LastPassno
no
Nothing
evernote.com Freecycle LastPass
Possibly
Change
passwordMain: www.freecycle.org
Login: my.freecycle.org
LastPass: Possibly vulnerable, and unable to extract SSL information.Free Patents Online LastPass
Possibly
Vulneable
CONTACT
COMPANYwww.freepatentsonline.com
LastPass: Was possibly vulnerable, Unable to extract SSL information.Indeed CNET
LastPassPossibly
Change
passwordsecure.indeed.com
CNET: Awaiting response
LastPass: now safe, change passwordKickstarter LastPass
Possibly
Change
passwordwww.kickstarter.com LifeLock enroll and manage your LifeLock membership LastPass
Company
statementno
no
Nothing
Main: www.lifelock.com
Login: secure.lifelock.com
LastPass: possibly vulneable, contact company.
Company statement on their Facebook page, from a 4/11/14 post: "Are you a LifeLock member concerned about the HeartBleed Web security flaw? The secure LifeLock site where you enroll and manage your LifeLock membership was not running the flawed software, so your data was not exposed. We reviewed our other services and made updates where necessary. But we know that many people use the same passwords on multiple sites. If you do, please change your LifeLock password in case it was compromised on another site."LifeLock other services Company
statementPossibly
Change
passwordLinkShare LastPass
Possibly
Change
passwordMain: www.linkshare.com
Login: login.linkshare.comMapQuest CNN Money
LastPassno
no
Nothing
Main: www.mapquest.com
Login: accounts.mapquest.com
LastPass: contact company
CNN Money: the site was not vulnerable.Outbrain CNET
LastPassYES
YES
Change
passwordMain: www.outbrain.com
Login: my.outbrain.comNational Geographic Online LastPass
Possibly
Change
passwordwww.nationalgeographic.com PayScale CNET
LastPassno
no
Nothing
www.payscale.com Publishers Clearing House CNET
LastPassno
no
Nothing
Main: www.pch.com
Login: spectrum.pch.com
CNET: Awaiting response
LastPass: was not vulnerableRosetta Stone LastPass
Possibly
Change
passwordMain: www.rosettastone.com
Login: totale.rosettastone.comThe Pirate Bay CNET
LastPassYES
YES
Change
passwordthepiratebay.se
CNET: Awaiting response
LastPass: now safe, change passwordWunderlist Mashable
LastPassYES
YES
Change
passwordwww.wunderlist.com Yelp CNET
LastPassYES
YES
Change
passwordwww.yelp.com Zedo CNET
LastPassno
no
Change
password
to be safeMain: www.zedo.com
Login: target.zedo.com
CNET: Not vulnerable
LastPass: Was possibly vulnerable, now safe, change passwordZEDO Ad Network LastPass
Possibly
Change
passwordwww.zedoadnetwork.com Zip.pro Unknown
CONTACT
COMPANYMain: zip.pro
Login: myaccount.zip.pro
Status unknown as the "My Account section of Zip.pro is currently undergoing renovation. We will re-launch soon." Try again later.
(myaccount.zip.pro ???)Zoom Info LastPass
Possibly
Vulneable
CONTACT
COMPANYwww.zoominfo.com
LastPass: Possibly vulneable and unable to extract SSL information
