April 14, 2014
Apple has already confirmed that iOS, OS X, and its “key Web services” aren’t susceptible to the Heartbleed security flaw known to have affected countless popular websites. What about other sites where you have an account?
Three new sites have recently popped up that alert users when such attacks happen. All three sites offer free signups to alert users in the future if an email address is compromised. The best of these is haveibeenpwned.com, which allows you to enter in an email address to see if hackers have compromised it. It will tell you where and when your account was vulnerable and offer solutions to fix it. Another site, PwnedList, will identify the number of times your email might have been involved in a data leak. Unfortunately, it doesn't tell you the site where your email may have been compromised. The same restrictions apply to shouldichangemypassword.com. I have three email accounts that I use on a regular basis. Each of the sites mentioned above identified the same number of vulnerabilities with my accounts. The site haveibeenpwned.com showed me where these vulnerabilities occurred. Luckily, these threats were reported months ago. At the time, I changed my account passwords, as advised. For a list of vulnerable and previously-vulnerable websites, this CNET article could be of use. A good rule of thumb: Make sure you change your account passwords on a regular basis. If you don't remember the last time a password was changed, it's best to change it now. This includes your actual email password, plus the passwords you use at individual sites. As Joe White first noted, we’d recommend taking 1Password for a spin. This fully-featured password manager keeps track of users’ passwords for multiple services, and features auto-fill, a password generator, support for credit cards, and even secure notes.
1Password - Password Manager and Secure Wallet