Heartbleed OpenSSL Bug – List of Affected Sites

The following list shows the current statuses (as of April 10,2014) of sites we felt our clients would be most interested in knowing about. If you have accounts at these sites, it is highly recommended you update your passwords. 

(Learn more about the Heartbleed OpenSSL bug.)

Vulnerability Status key:
Yes – site has at some point been, or is currently, vulnerable
Likely – site was likely vulnerable but cannot be confirmed
Possibly – site may have been vulnerable but cannot be confirmed
No – site was not vulnerable

List of Popular websites and Heartbleed vulnerability status:
Updated April 11 3pm CST

Apple: Not affected
Amazon: Not affected
basecamp: Not affected
Disqus: Yes (now safe)
Doteasy: Likely (now safe)
Dropbox: Yes (now safe)
eBay: Possibly
Etsy: Yes (now safe)
Github: Yes (now safe)
Godaddy: Yes (now safe)
Google: Yes (now safe)
Hotmail: Possibly (now safe)
Intense Debate: Likely (now safe)
istockphoto: Likely
LinkedIn: Not affected
Lunarpages: Yes (now safe)
Marketo: Likely (now safe)
myspace: Possibly
Office Autopilot: Likely (now safe)
Paypal : Not affected
Pinterest: Yes (now safe)
Siasto: Yes (now safe)
Siteground: Yes (now safe)
Slideshare: Not affected
Skype: Likely (now safe)
Twitter: Yes (now safe)


More info:

Is there a site you don’t see here but are interested in? Here is a great resource to check out the vulnerability status of any site:

Here’s a secondary resource, though not one I’m putting a lot of stock in because their testing method just isn’t quite thorough enough to detect the vulnerability.


Action item:
Change passwords for any site that is now safe. Changing passwords at sites that have not yet been patched will be without reason, as they will need to be changed again after the patch has been applied. We will update this list as we get new information. However, sites that cannot be confirmed may never have a status of “Now Safe”. In that case we recommend updating passwords anyway, to be extra diligent – it never hurts to update anyway. Don’t forget about your personal accounts as well (credit cards, bank accounts, etc.)


TrekVisual Clients:
We work hard to protect your website’s integrity. We’ll update TrekVisual client data once servers have patched their software, and we’ll notify you of any information you need to be aware of. Please email us with any questions you have.