Internet Users Failing to Protect Themselves From Heartbleed
New data from Pew indicates that while many have heard of Heartbleed, less than half of those Internet users have taken steps to protect themselves.The Heartbleed security vulnerability that was first disclosed in early April has dominated technology security headlines in recent weeks, but that doesn't mean that all Internet users have actually taken steps to protect themselves. A new study published on April 30 by the Pew Research Center reveals that less than half of the Internet users who were aware of the Heartbleed took steps to protect themselves. The Heartbleed security flaw was first revealed on April 7 by the open-source OpenSSL project. OpenSSL is an open-source cryptographic library that provides Secure Sockets Layer (SSL) encryption for data in transport. The Heartbleed flaw is technically identified as CVE-2014-0160 and called "TLS heartbeat read overrun" and could enable an attacker to get access to information that is supposed to be encrypted with SSL. OpenSSL is widely used on servers and embedded devices including mobile phones, giving the Heartbleed vulnerability significant global impact. According to the Pew study of 1,501 American adults surveyed between April 23-27, 64 percent of surveyed Internet users had heard about the Heartbleed flaw. Of those respondents who were aware of the Heartbleed flaw, only 39 percent actually took steps to protect themselves. Those steps include changing passwords and avoiding potentially vulnerable online services.
Looking deeper into the demographics of those who changed their passwords in response to Heartbleed, Pew found that there was a disparity across income levels. For American households with incomes of less than $30,000, only 33 percent had changed passwords. In contrast, 46 percent of American households earning $75,000 or more changed passwords in response to Heartbleed.