ATI's Heartbleed list of popular & common Web sites and...

  • if they were vulnerable to the Heartbleed bug,
  • if they've implemented fixes for the bug yet,
  • if you need do nothing, or more likely,
  • change your password or contact the company.

(Page last updated: 12/03/2015)

ATI's Heartbleed Bug Page       ATI Consulting Home Page

These sources were used to create the huge list below and the results for each company:

Notes on the results below:

Recommendations:

Web site, Internet
service, or app

Source

Was the site
vulnerable?

Site
patched?

What you
need to
do...

Comments
Cable, Internet, Phone, Satellite, TV Service Providers  [Return to category list]
Ace Communications

LastPass

no

no

Nothing

Main: acegroup.cc
Login: myaccount.acecomgroup.net
AT&T — att.com (main account)

LastPass

Possibly

 

Change
password

Based on the statement from AT&T from 4/11/14 (hidden on their blog), it's not clear if they were vulnerable, or not. However, LastPass now says: they may have been vulnerable, but are now safe; change your password.
AT&T — att.net

LastPass

Possibly

 

Change
password

And it reroutes to att.yahoo.com, and Yahoo was vulnerable.
AT&T — www.sbcglobal.net

LastPass

Possibly

YES

Change
password

And it reroutes to att.yahoo.com, and Yahoo was vulnerable.
Boingo Wireless

LastPass
Company statement

YES

YES

Change
password

Main: www.boingo.com:
Login: my.boingo.com
LastPass: Possibly vulneable, contact company.

Company statement buried on their blog: "We have upgraded the SSL software, and the servers are now as good as new, without those pesky security flaws that make it possible for hackers to take something that didn’t belong to them. We recommend that our customers change their password if they have used our VPN service or logged in to a partner network in the last two years."
CenturyLink

LastPass

Possibly

 

Change
password

eam.centurylink.com
Charter — charter.com, main customer account

LastPass
Agent

no

YES

Nothing

Main: charter.com —
Login: www.myaccount.charter.com

LastPass: Was not vulnerable.

Agent: They claim they were not vulnerable but have implemented the patch for the bug, which strongly suggests they actually were vulnerable. She knew nothing about the digital security certificates. This likley all we'll ever hear about this from Charter.
Charter — charter.net, Web-based email

LastPass
Agent

Possibly

YES

Change
password

Main: webmail.charter.net
Login: web.charter.net

LastPass: Possibly vulnerable, contact company

Agent: They claim they were not vulnerable but have implemented the patch for the bug, which strongly suggests they actually were vulnerable. She knew nothing about the digital security certificates, which are old, as can be seen with the LastPass check. This likley all we'll ever hear about this from Charter. So, change your password now, and do so again in six months, to be safe.
Comcast

CNET
LastPass

no

no

Nothing

CNET: Awaiting response
LastPass: Not vulnerable
Earthlink

LastPass

Possibly

 

Change
password

Main 1: www.earthlink.com
Main 2: www.earthlink.net
Login: myaccount.earthlink.net
Hughes

LastPass
Agent

Possibly

YES

Change
password

Main: hughesnet.com
Login: home.myhughesnet.com
LastPass: Possibly vulneable, contact company.

Official statement on the Hughes.net community forum, "For security purposes, all server infrastructure has been secured with the recommended patches and SSL certificates replaced. To protect yourself from any other risks, we strongly encourage you to change your password and update your security questions."
NetZero

CNET
LastPass

no

no

Nothing

Main: www.netzero.net
Login: account.netzero.net AND www.netzero.net
CNET: not vulneable
LastPass: Possibly vulneable, contact company.
Skype

LastPass
MSDN Blog

no

no

Nothing

Main: www.skype.com
Login: login.skype.com

LastPass: possibly vulnerable, contact the company,
An MSDN blog said “After a thorough investigation, Microsoft determined that Microsoft Azure, Office 365, Yammer and Skype, along with most Microsoft Services, are not impacted by the OpenSSL ‘Heartbleed’ vulnerability.”
Sprint

LastPass
MSDN Blog
Company
statement

Possibly

 

Change
password

Main: www.sprint.com
Login: mysprint.sprint.com

Their company statement provides this non-answer: "(We have) not seen any impacts to our website or operations servicing our customers. We vigorously monitor our systems and we have a variety of security protocols and procedures in place to assess, monitor and prevent such impacts."
T-Mobile

LastPass
Company
statement

Possibly

 

Change
password

www.t-mobile.com
LastPass: was possibly vulnerable, now safe, change password.

Their company statement provides this non-answer: "(there) have been no impacts to T-Mobile's network or websites. We continue to monitor for the Heartbleed Bug."
Verizon

LastPass
Company
statement

Possibly
Vulneable

 

Contact
company directly for details about your specific use of their services.

Change
password if you use one of the safe login URLs in the columns to the right.

Certain Android users should be especially concerned.

Main: www.verizon.com and www.verizonwireless.com

Login URLs – based on which URL you're at when you login:
• verizon.com – was possibly vulnerable, now safe, change password
• www.verizonwireless.com – was possibly vulnerable, now safe, change password
• login.verizonwireless.com – was possibly vulnerable, now safe, change password.
• enterprisecenter.verizon.com– was possibly vulnerable, now safe, change password
• signin.verizon.com – was possibly vulnerable, now safe, change password

They have a company statement buried on a forum page. Contacting them directly, they provided the same non-answer: "The long period of industry-wide exposure to the Heartbleed problem is unusual, but in our review to date of Verizon Wireless' external websites, we have found no evidence of any compromise. Our investigation is ongoing, and we continue to work with our vendors as they complete their own assessments. We will respond to the results accordingly."

So, they are not sure – they may have been, an/or may stiill be, vulnerable, which is scary.

Users of Android 4.1.1 should see their company statement, and answer number 2 from 4/24/14 for a special note about those devices.
Wildblue / Exede – main company account, some of their own email accounts, but not their Google-based email accounts. (Note that Google WAS vulnerable to the Heartbleed bug.)

LastPass
Company
statement

YES

YES

Change
password

Web sites:
• www.wildblue.net
• www.exede.net
(Note: some of their email is handled via Google.)

Login URLs – mixed results from LastPass based on which URL you're at when you login:
• myaccount.exede.net – was possibly vulnerable, now safe, change password
• myaccount.wildblue.net – was possibly vulnerable, now safe, change password
• ecare.wildblue.net – was possibly vulnerable, contact company

The detailed company statement does not to mention ecare.wildblue.net, but they do say any.vulnerable site of theirs is now safe, and it's OK to change passwords for any account you have with them.
Computer-related  [Return to category list]
1 and 1

LastPass

Possibly

 

Change
password

www.1and1.com
Adobe

CNET
LastPass
Agent

Possibly

 

Change
password

www.adobe.com
CNET: Awaiting response
LastPass: Possibly vulnerable, now safe, change password.

From a customer service agent at their blog comes this non-answer, "All Adobe internet-facing services known to have been using a version of OpenSSL containing the Heartbleed vulnerability have been mitigated [made less severe]. We are continuing our analysis of Adobe internet-facing servers to identify and remediate any remaining Heartbleed-related risks."
Amazon Web Services (for website operators)

Mashable
CNET

YES

YES

Change
password

Mashable: was vulnerable, now fixed, change password
CNET: Awaiting response
A Plus.net

LastPass

Possibly

 

Change
password

Main: www.aplus.net
Log in: portal.aplus.net
Amazing Counters

LastPass

Possibly

YES

Change
password

www.amazingcounters.com
Apple (and iCloud and iTunes)

Mashable
LastPass
CNET
CNN Money

no

no

Nothing

Main site: apple.com

Apple said "iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected."

But note that individual apps on iPads, iPhones, and iPod Touches may be at risk.
Apple ID

LastPass

no

no

Nothing

An Apple service.
appleid.apple.com
Apple Store

LastPass

no

no

Nothing

An Apple service
Main site: store.apple.com
Login: secure1.store.apple.com
Ask

CNET
LastPass

no

no

Change
password
to be safe

www.ask.com
CNET: not vulnerable
LastPass: was possibly vulnerable,: now safe, change password
Bing

CNET
LastPass

YES

YES

Change
password

CNET: vulnerability patched, change of password recommended.
LastPass: not vulnerable.
Bluehost

LastPass

Possibly

 

Change
password

Main: www.bluehost.com
Log in: my.bluehost.com
Box.com

Mashable
LastPass

YES

YES

Change
password

Main: www.box.com
Login: app.box.com
Bravenet

LastPass

Possibly

YES

Change
password

www.bravenet.com
LastPass: may be vulnerable, unable to extract SSL information.
Bulk Register

LastPass
Company
statement

no

no
(not needed)

Change
password
to be safe

www.bulkregister.com
LastPass: was not vulnerable
Company statement – "Although BulkRegister was unaffected by the Heartbleed bug, as a precaution, we recommend that all BulkRegister users change their account passwords; especially if you use the same login information for other services."
Carbonite

LastPass
Company
statement

no

no

Nothing

Main: www.carbonite.com
Login: account.carbonite.com

LastPass: not vulnerable.
Company statement – "Carbonite Personal and Pro subscriptions do not use the affected encryption software. Your personal data was never at risk."
Clicky Web Analytics

LastPass
Company statement

no

no

Nothing

clicky.com

LastPass: said possibly vulnerable, contact company

Company statement, stated here, buried on a blog, "Clicky was not affected by the 'Heartbleed' security issue. The versions of OpenSSL running on our public servers and load balancers were not any of the ones that were vulnerable. To make doubly sure, we ran tests on all of our public IPs, and they were all reported safe."
Conduit

CNET
LastPass

no

YES

Change
password

mobilecp.conduit.com

CNET: Awaiting response.
LastPass: now safe, change password
Dell

LastPass

no

YES

Change
password
to be safe

Main: www.dell.com
Login: ecomm.dell.com
DomainDiscover

LastPass

Possibly

 

Change
password

Main: www.tierra.net/domains
Log in: www.tierra.net
Domain Registry of America, Domain Registry Services

LastPass

no

no

Nothing

Known for their less-than-ethical practices.
droa.com
Domains Prices Right

LastPass

no

no

Nothing

Main: www.domainspricedright.com
Log in URLs:
• www.domainspricedright.com
• idp.securepaynet.net
Doteasy

LastPass

no

no

Nothing

Main: www.doteasy.com
Log in: member.doteasy.com AND www.doteasy.com
DreamHost

LastPass

Likely

 

Change
password

Main: www.dreamhost.com
Log in URLs"
• panel.dreamhost.com
• www.dreamhost.com
• webftp.dreamhost.com
Dropbox

Mashable
CNET
LastPass

YES

YES

Change
password

www.dropbox.com
ExactSeek

LastPass

Possibly

 

Change
password

www.exactseek.com
Feedbin

CNET
LastPass

YES

YES

Change
password

feedbin.com
Geek Empire Hosting

LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

Main: www.geekempirehosting.com
Log in: secure.geekempirehosting.com
GetPocket

CNET
LastPass

YES

YES

Change
password

getpocket.com
GitHub

Mashable
LastPass

YES

YES

Change
password

github.com
GoDaddy

Mashable
CNET
LastPass

YES

YES

Change
password

Main: www.godaddy.com
Login: www.godaddy.com AND idp.godaddy.com
Mashable and CNET: was vulnerable, now safe, change password.
LastPass: login servers not vulnerable, change password to be safe.
Google

Mashable
CNET
LastPass
Google
statement

YES

YES

Change
password

And for ALL Google services.

Main: www.google.com
Login: accounts.google.com

Google spokesperson said in an emailed statement, 'We have assessed the SSL vulnerability and applied patches to key Google services."
GoogleUserContent.com

CNET
LastPass

Possibly

YES

Change
password

www.googleusercontent.com
Homestead Web sites

LastPass

Possibly

 

Change
password

www.homestead.com
Hover

LastPass

Possibly

 

Change
password

www.hover.com
HP

Company
statement

Possibly
Vulneable

 

CONTACT
COMPANY

General company statement from HP – applies to many HP products, services, and Web sites.
ICQ

LastPass

Possibly

 

Change
password

www.icq.com
IFTTT

Mashable
CNET
LastPass

YES

YES

Change
password

Main: ifttt.com
Imgur

CNET
LastPass

Possibly

YES

Change
password

CNET: Awaiting response.
LastPass: fixed and change password.
InMotion Hosting

LastPass

no

no

Nothing

Main: www.inmotionhosting.com
Log in: secure1.inmotionhosting.com
Intego - support

LastPass

Possibly

 

Change
password

support.intego.com
iPage Hosting

LastPass

Possibly

 

Change
password

Main: www.ipage.com
Log in: secure.ipage.com
Lenovo

LastPass

no

no

Change
password
to be safe

Main: www.lenovo.com
Login: shop.lenovo.com
LastPass: new SSL Certificate
ManageWP

CNET
LastPass

no

no

Change
password
to be safe

Main: managewp.com
CNET: not vulnerable
LastPass: Was possibly vulnerable, now safe, change password.
Medialink Routers

LastPass
Agent

no

no

Nothing

Web site: www.medialinkproducts.com. No sign-in at Web site.
LastPass: No secure server there.
Agent: Our website does not use OpenSSL, so our website is not vulnerable. Our routers have nothing to do with this problem.
Micromat

LastPass

Possibly

 

Change
password

www.micromat.com
Microsoft

Mashable

no

no

Nothing

Main: www.microsoft.com

Microsoft services were not running OpenSSL, according to LastPass.
Microsoft Store

LastPass

no

no

Nothing

www.microsoftstore.com
Network Solutions

LastPass

Possibly

 

Change
password

www.networksolutions.com
Norton (online account)

Norton statement
LastPass

no

 

Change
password
to be safe

Information on Norton products and the Heartbleed vulnerability.

About their Web sites the company said, "No Norton Web sites or accounts were affected by the vulnerability. It is not necessary to change your password"

Several URLs are used for logging in. The LastPass results are mixed:
• www.mynortonaccount.com – possibly vulnerable, contact the company
• account.norton.com – now safe and to change your password there
• login.norton.com – possibly vulnerable, contact the company.
OWC (Other World Computing)

LastPass

Possibly

 

Change
password

Main: www.macsales.com
Login: eshop.macsales.com
Proxim

LastPass

Possibly

YES

Change
password

Main: www.proxim.com
Login: my.proxim.com
Rage Software

LastPass
Agent

no

no

Nothing

Main: www.ragesw.com
Login: billing.ragesw.com

LastPass: possibly vulnerable, contact the company.

Customer service agent, "We have not been using the OpenSSL version that was affected by SSL for a very long time so our servers were not affected by the leakage of the security issue.
RealPlayer Cloud

LastPass

Possibly

 

Change
password

Main: www.real.com
Login: cloud.real.com
Register.com

LastPass

Possibly

 

Change
password

www.register.com

LastPass says: Was possibly vulnerable, now safe, change password.
Roxio

LastPass

no

no

Nothing

www.roxio.com
Salesforce

CNET
LastPass

no

no

Nothing

Main: www.salesforce.com
Login: login.salesforce.com
SanDisk

LastPass

Possibly

 

Change
password

Main: www.sandisk.com
Login: retail.sandisk.com
LastPass says: Possibly unsafe, contact company.
Customer service agent says: "The only product that could have been affected would be sandisk secure access and it was not affected by the bug. No other product used anything that heart bleed bug could affect, and any and all website and support pages have been updated. So we recommend changing any old passwords, but all websites and support pages have been updated, and we do not have any product or software that was affected."
Serif

LastPass

no

no

Nothing

www.serif.com
Site Meter

LastPass

no

no

Nothing

sitemeter.com
SpiderOak

Mashable
LastPass

YES

YES

Nothing

spideroak.com

LastPass says: Was possibly vulnerable, now safe, change password.

Spideroak said it patched its servers, but the desktop client doesn't use a vulnerable version of OpenSSL, so "customers do not need to take any special action."
Stack Overflow

CNET
LastPass

YES

YES

Change
password

stackoverflow.com
Stat Counter

LastPass

Possibly

 

Change
password

statcounter.com
TidBITS

LastPass

Possibly

 

Change
password

tidbits.com
Toshiba

LastPass

Possibly

 

Change
password

www.toshiba.com
WeTransfer

LastPass

Possibly

 

Change
password

www.wetransfer.com
Yahoo

Mashable
CNET
LastPass

YES

YES

Change
password

And for any Yahoo service.
Main: www.yahoo.com
Login: login.yahoo.com
Dating Services  [Return to category list]
eHarmony

LastPass

Possibly

 

Change
password

www.eharmony.com
OKCupid

Mashable
CNET
LastPass

YES

YES

Change
password

www.okcupid.com
Match.com

LastPass

Possibly

 

Change
password

www.match.com
Spark Networks (JDate, Christian Mingle, SilverSingles.com, and more)

Mashable
LastPass

no

no

Nothing

Login: accounts.spark.net
Email  [Return to category list]
AOL

Mashable
LastPass

no

no

Nothing

Main: www.aol.com
Login URLs: new.aol.com, my.screenname.aol.com, AND account.login.aol.com
Gmail

Mashable
LastPass
Google statement

YES

YES

Change
password

And for ALL Google services.

Login: accounts.google.com

Google spokesperson said in an emailed statement, 'We have assessed the SSL vulnerability and applied patches to key Google services."
Hotmail / Outlook / Live.com

CNET
Mashable
LastPass

no

no

Nothing

All Microsoft services. Hotmail and Outlook redirect to Live.com.

Main: www.live.com
Login: login.live.com

Mashable: "Microsoft services were not running OpenSSL, according to LastPass."
Wildblue Mail

Mashable
LastPass

YES

YES

Change
password

Uses Gmail, which was vulnerable.: mail.google.com/a/wildblue.net
Yahoo Mail

Mashable
CNET
LastPass

YES

YES

Change
password

And for any Yahoo service.

Login: login.yahoo.com
Financial  [Return to category list]
Banks – Many big banks (see below) don't use OpenSSL, but instead use proprietary encryption software. But many medium or smaller banks may be vulnerable — it's still unclear. To be sure, contact your bank directly for a determination of if their online banking Web site is (or was) vulnerable. And keep a close eye on any and all financial statements to make sure there are no unfamiliar charges.
Act Blue

LastPass

Possibly

 

Change
password

Main: www.actblue.com
Login: secure.actblue.com
American Express

Mashable
LastPass

no

no

Nothing

Main: www.americanexpress.com
Login: www.americanexpress.com AND online.americanexpress.com
American Funds

Mashable
LastPass

YES

YES

Change
password

www.americanfunds.com
Bank of America

Mashable
CNET
LastPass

no

no

Nothing

Main: www.bankofamerica.com
Login: www.bankofamerica.com AND secure.bankofamerica.com
Barclays

Mashable
LastPass

no

no

Change
password
to be safe

Main: www.barclays.com
Login: www.banking.barclaysus.com AND
www.securebanking.barclaysus.com: was possibly vulnerable, not safe, change PW.
Mashable: not vulnerable
BECU

CNN Money
LastPass

no

no

Nothing

www.becu.org
www.becuonlinebanking.org
Capital One

Mashable
CNET
CNN Money
LastPass

no

no

Nothing

www.capitalone.com
Charles Schwab

CNN Money
Mashable
LastPass

no

no

Nothing

Main: www.schwab.com
Login: client.schwab.com
There were many other login URLs
Chase

Mashable
CNET
LastPass

no

no

Nothing

www.chase.com AND chaseonline.chase.com
Citibank Easy Deals

Mashable
LastPass

no

no

Change
password
to be safe

Main: citieasydeals.com
Login 1: online.citibank.com
Login 2: citieasydeals.com

Mashable says nothing needs to be done with any Citigroup stuff.
LastPass says online.citibank.com was not vulnerable; but the other secure server, citieasydeals.com, may have been vulnerable but it's now safe, and to change your password.
Citigroup

Mashable
LastPass

no

no

Change
password
to be safe

Mashable says nothing needs to be done with any Citigroup stuff.
LastPass: for many of their secure servers, they may have been vulnerable but it's now safe, and to change your password.
E*Trade

Mashable
LastPass
CNN Money

no

no

Nothing

us.etrade.com
Mashable: E*Trade is still investigating
Edward Jones

LastPass
Local rep

Possibly

 

Change
password

Main: www.edwardjones.com
Login: accountaccess.edwardjones.com

LastPass: possibly were vulnerable but are now safe, change your password.
Local rep: "We weren't vulnerable so (there's) no need to do anything."
Equifax

LastPass

Possibly

 

Change
password

Main: www.equifax.com
Login: www.econsumer.equifax.com
Experian -- main member login AND credit report products

LastPass
Agent

Possibly

 

Change
password

Main: www.experian.com
Login: experian.experiandirect.com

LastPass: was possibly vulnerable, now safe, change your password.

Customer service agent: "Please be assured that Experian treats information security as a top priority and operates appropriate patching and vulnerability management processes as a routine measure. At this point, we believe our ExperianDirect.com environment is not vulnerable to this issue. We will continue to monitor the situation and implement recommendations as appropriate."

Note: they are not sure – they may have been, or may still be, vulnerable, which is scary.
Experian -- Contractor Check

LastPass

no

no

Nothing

Main: contractor.smartbusinessreports.com
Login: myaccount.smartbusinessreports.com
Experian -- CreditExpert Credit Manager

LastPass

Possibly

 

Change
password

Login: www.creditexpert.com
Experian -- Experian Connect

LastPass

Possibly

 

Change
password

connect.experian.com
Experian -- Protect My ID service

LastPass

Possibly

 

Change
password

www.protectmyid.com
Experian -- Smart Business Reports

LastPass

no

no

Nothing

Main: www.smartbusinessreports.com
Login: myaccount.smartbusinessreports.com
Experian -- Vehicle History Report

LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

www.autocheck.com
Fidelity

Mashable
LastPass

no

no

Nothing

Main: www.fidelity.com
Login URLs: login.fidelity.com, fps.fidelity.com, and
401k.fidelity.com
Franklin Templeton

LastPass

Possibly

 

Change
password

www.franklintempleton.com
HSBC bank

CNN Money
LastPass

no

no

Change
password

www.us.hsbc.com
CNN Money: safe was not vulnerable
LastPass: Was possibly vulnerable, now fixed, change password to be safe.
Intacct

LastPass
Company
statement

Possibly

 

Change
password

Main: us.intacct.com
Login: www.intacct.com
Company statement
Intuit - Main account

LastPass

no

no

Change
password
(to be safe)

Login: selfservice.intuit.com
LastPass: was not vulnerable

Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.
Intuit - Mint

CNET
LastPass

Possibly

 

Change
password

wwws.mint.com
CNET: Awaiting response
LastPass: now safe, change your password

Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.
Intuit - Quickbooks

CNET
LastPass

no

no

Change
password
(to be safe)

qbo.intuit.com
selfservice.intuit.com
CNET: Awaiting response
LastPass: was not vulnerable

Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.
Intuit - Quicken: Online Investment Account

CNET
LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

Login: login.quicken.com
CNET: Awaiting response
LastPass: Possibly vulneable, contact company.

Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.
Intuit - Quicken: Online Quicken Account

CNET
LastPass

no

no

Change
password
(to be safe)

quicken.intuit.com
CNET: Awaiting response
LastPass: was not vulnerable

Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.
Intuit - TurboTax

CNET
LastPass
CNN Money

no

no

Change
password
(to be safe)

turbotax.intuit.com
myturbotax.intuit.com
CNET: Awaiting response
LastPass: was not vulnerable
CNN Money: was not vulnerable

Note Intuit's general company statement which says some products, services, and Web sites were vulnerable but now have been fixed.
Morgan Stanley - Online account

LastPass

Possibly

 

Change
password

Main: www.morganstanley.com
Login: www.morganstanleyclientserv.com
PayPal

Mashable
CNET
LastPass

no

no

Nothing

www.paypal.com
PNC

Mashable
CNN Money
LastPass

no

no

Nothing

Main: www.pnc.com
Login: www.pnc.com AND www.onlinebanking.pnc.com
Raymond James

LastPass
Company
statement

no

no

Change
password
(to be safe)

Investor Access
Main: www.raymondjames.com
Login: investoraccess.rjf.com

Equity Research:
www.rjcapitalmarkets.com

Commission Management:
raymondjamescm.com

LastPass: For Investor Access and Equity Research: possibly vulneable, contact company. For Commission Management: not vulneable.

Raymond James statement: Raymond James took immediate action to protect its clients against this breach. Following the Department of Homeland Security’s advisory on Tuesday, the firm took measures to ensure that our applications and websites were secure. We have no reason to believe that any of our applications, including Investor Access, have been compromised in any way.
Scottrade

Mashable
CNN Money
LastPass

no

no

Change
password
to be safe

Main: www.scottrade.com

Mashable & CNN Money: vulneable

LastPass gave mixed results:
• www.scottrade.com: was possibly vulneable, now safe change password
• apply.scottrade.com: was possibly vulneable, now safe, change password
• trading.scottrade.com: Possibly vulneable, contact company
TD Ameritrade

Mashable
CNN Money
LastPass

no

no

Nothing

Main: www.tdameritrade.com and www.amtd.com

Login URLs:
• www.tdameritrade.com
• invest.ameritrade.com
• invest.tdameritrade.com
TD Bank

Mashable
LastPass

no

no

Nothing

Main: www.tdbank.com
Login URLs:
• onlinebanking.tdbank.com
• businessonline.tdbank.com
T. Rowe Price

Mashable
LastPass

no

no

Nothing

www.troweprice.com
Login URLs:
• individual.troweprice.com
• www2.troweprice.com
• www3.troweprice.com
• www4.troweprice.com
TIAA CREF

LastPass

Possibly

 

Change
password

Main: www.tiaa-cref.org
Login: publictools.tiaa-cref.org
TrasnUnion

LastPass
Agent

no

 

Nothing

Main: transunion.com
Login URLs:
• membership.tui.transunion.com
• tui.transunion.com
• member.trueidentity.com
• www.transunionplus.com

LastPass: some of the login URLs were possibly vulneable and to contact the company.

Customer service agent: "None of our systems were vulnerable."
U.S. Bank

Mashable
CNN Money
LastPass

no

no

Change
password
to be safe

www.usbank.com

Mashable and CNN Money: not vulneable

There were many login URLs, here are the LastPass results for some of them:

Not vulneable:
• onlinebanking.usbank.com
• www4.usbank.com
• usbank.visabuxx.com
• trustnowessentials.usbank.com
• apply.usbank.com

Was possibly vulnerable, now safe, change password:
• carenet.fnfismd.com
• www.account3000.com
Vanguard

Mashable
CNN Money
LastPass
Company statement

no

no

Nothing

Main: www.vanguard.com
Login URLs:
• investor.vanguard.com
• personal.vanguard.com

See the company statement, the main point being, "we're confident that Vanguard's websites are not, and have not been, subject to the Heartbleed vulnerability."
Venmo

Mashable
LastPass

YES

YES

Change
password

venmo.com
Wells Fargo

Mashable
LastPass
CNET
CNN Money

no

no

Nothing

Main: www.wellsfargo.com
Login URLs:
• www.wellsfargo.com
• online.wellsfargo.com
Xero

LastPass
Company
statement

no

no

Change
password
(to be safe)

Main: www.xero.com
Login: login.xero.com
Company statement (One of the best I've seen)
Games  [Return to category list]
Minecraft

Mashable
LastPass

YES

YES

Change
password

minecraft.net
Pogo

LastPass
Company
statement

Possibly

YES

Change
password

www.pogo.com
LastPass: Possibly vulnerable, contact comany.

Pogo Statement: "As soon as we became aware of Heartbleed, we began actively identifying and patching any vulnerable systems to ensure Pogo.com is secure. We have no reason to believe any passwords or personal information were stolen, but suggest erring on the side of caution and updating your Pogo password."
Gas / Electric  [Return to category list]
Consumers Energy

LastPass

no

no

Nothing

www.consumersenergy.com
DTE Energy

LastPass

Possibly

 

Change
password

Main: www.dteenergy.com
Login: www.dteenergy.com AND www2.dteenergy.com
Government and Taxes  [Return to category list]
1040.com

Mashable
LastPass

no

no

Nothing

Main: www.1040.com

Login: www.1040.com AND fileonline.1040.com
FileYourTaxes.com

Mashable
LastPass

no

no

Nothing

www.fileyourtaxes.com
H & R Block

Mashable
CNN Money
LastPass

no

no

Nothing

Main: www.hrblock.com
Login: idp.hrblock.com AND
loginrouter.hrblock.com
Healthcare.gov

Mashable
LastPass

Possibly

 

Change
password

www.healthcare.gov
LastPass: was likely vulnerable, now safe, change password.
CNN Money: The Health Department said "security protections prevent this vulnerability from occurring."
Intuit - TurboTax

Mashable
LastPass
CNN Money

no

no

Nothing

Main: turbotax.intuit.com
Login: myturbotax.intuit.com
CNET: Awaiting response
LastPass: was not vulnerable
IRS

Mashable
CNN Money
LastPass
IRS statement

no

no

Nothing

www.irs.gov
Two login URLs of MANY: sa.www4.irs.gov and
directpay.irs.gov

IRS statement, "Our systems continue operating and are not affected by this bug, and we are not aware of any security vulnerabilities related to this situation. We continue to monitor the situation and remain in contact with our software partners."

Note that they are not 100% sure, especially with their software partners.
TaxACT

Mashable
LastPass

no

no

Nothing

Main: www.taxact.com
Login: www.taxactonline.com
USAA

Mashable
LastPass

YES

YES

Change
password

www.usaa.com
Health / Medical [Return to category list]
Health Warehouse

LastPass

Possibly

 

Change
password

www.healthwarehouse.com
MyHealthInfo - Munson Healthcare

LastPass

Possibly

YES

Change
password

Main: www.munsonhealthcare.org/myhealthinfo
Login: myhealthinfo.iqhealth.com AND cernerhealth.com
Mixed results from LastPass:
• myhealthinfo.iqhealth.com: was possibly vulneable, now safe, change password
• cernerhealth.com: was possibly vulneable, now safe, change password
Insurance [Return to category list]
Aetna

LastPass

Possibly

 

Change
password

Main: www.aetna.com
Login: member.aetna.com
Allstate

LastPass

Possibly

 

Change
password

www.allstate.com
Auto Owners

LastPass

Possibly

 

Change
password

Main: www.auto-owners.com
Login: customercenter.auto-owners.com
Blue Cross / Blue Shield of Michigan

LastPass

Possibly

 

Change
password

Main: www.bcbs.com
Login: member.bcbsm.com
Delta Dental - General

LastPass

no

no

Nothing

Main: www.deltadental.com
Login: login-wsprod.deltadental.com
Delta Dental - Michigan

LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

Main: www.deltadentalmi.com
Login: www.toolkitsonline.com
Farmers

LastPass

Possibly

 

Change
password

www.farmers.com
Geico

LastPass
Company
statement

no

no

Change
password
(to be safe)

Main: www.geico.com
Login: www.geico.com and ecams.geico.com
Statement
LastPass: www.geico.com was possibly vulnerable, change password. ecams.geico.com is possibly vulnerable, contact company.

Gieco's statement: GEICO's Information Security team has performed a thorough review of our online systems and have verified that they are not susceptible to the Heartbleed bug. Even so, we continue to monitor the information on Heartbleed to ensure our systems and your information remain properly protected. Change your passwords periodically to be safe.
Humana

LastPass

no

no

Nothing

www.humana.com
Humana One

LastPass

Possibly

 

Change
password

Main: www.humana-one.com
Login: oc.humana-one.com and
info.humana-one.com
Liberty Mutual

LastPass

Possibly

 

Change
password

Main: www.libertymutual.com
Login: eservice.libertymutual.com
MetLife

LastPass

Possibly

 

Change
password

www.metlife.com
Priority Health of Michigan

LastPass

no

no

Nothing

Main: www.priorityhealth.com
Progressive

LastPass

no

no

Nothing

Main: www.progressive.com
Login: onlineservice7.progressive.com
State Farm

LastPass

Possibly

 

Change
password

Main: www.statefarm.com
Login: www.statefarm.com and online2.statefarm.com
Travelers

LastPass

no

no

Nothing

www.travelers.com
Media / News / Sports  [Return to category list]
Benzie County Record Patriot (and any of the Pioneer Group's newspapers)

LastPass
Company
technician

YES

YES

CONTACT
COMPANY

Main: news.pioneergroup.com/recordpatriot
Login: news.pioneergroup.com

LastPass: Was possibly vulnerable, cannot be sure, contact company.

Company technician: "Our server was vulnerable, but it was patched immediately after the bug was announced."

But it is unclear is the company is safe, as the SSL certificates are old (have not been revoked and renewed since the patch was put into place).
Bleacher Report

CNET
LastPass

Possibly

 

Change
password

bleacherreport.com
CNET: Awaiting response
LastPass: now safe, change password
BuzzFeed

CNET
LastPass

Possibly

YES

Change
password

CNET: Awaiting response.
LastPass: Now safe, change your password.
CBS Sports

CNET
LastPass

no

no

Nothing

www.cbssports.com
CNET: not vulnerable
LastPass: Was possibly vulnerable, contact company.
Chicago Tribune

LastPass

Possibly

 

Change
password

www.chicagotribune.com
CNN

CNET

no

no

Nothing

www.cnn.com
(Could not determine login URL)
Daily Mail

CNET
LastPass

Possibly

 

Change
password

www.dailymail.co.uk
CNET: Awaiting response
LastPass: now safe, change password
Drudge Report

CNET

Unknown

 

CONTACT
COMPANY

Main: www.drudgereport.com
Login site: not found
CNET: Awaiting response
Espn.go.com

CNET
LastPass

YES

YES

Change
password

espn.go.com
Forbes

CNET
LastPass

no

no

Nothing

Main: www.forbes.com
Login: blogs.forbes.com
CNET: not vulnerable
LastPass: Was possibly vulnerable, contact company.
Fox News

CNET
LastPass

no

no

Change
password
to be safe

www.foxnews.com
CNET: was not vulnerable
LastPass: was possibly vulnerable, now safe, change password.
Huffington Post

CNET
LastPass

Possibly

YES

Change
password

CNET: Awaiting response.
LastPass: fixed and OK to change password.
LA Times

LastPass

Possibly

 

Change
password

Main: www.latimes.com
Login: www.latimes.com (now safe, change password) and myaccount2.latimes.com (tot vulnerable)
Mashable

LastPass

Possibly

 

Change
password

mashable.com
Morning Star Publishing – Grand Traverse Insider, Morning Sun, The Kalkaskian, and The Leader – place an ad

LastPass

Possibly

 

Change
password

Main: www.morningstarpublishing.com
Login: morningstarclassifieds.kaango.com
MSN

CNET
Mashable
LastPass

no

no

Nothing

A Microsoft site.
Main: www.msn.com
Login: login.live.com

Mashable: "Microsoft services were not running OpenSSL, according to LastPass.
NBC News

CNET
LastPass

Possibly

 

Change
password

secure.nbcnews.com
CNET: Awaiting response
LastPass: Possibly vulnerable, safe to change password
NYTimes

CNET
LassPass
Agent

Possibly

 

Change
password

Main: www.nytimes.com
Login: myaccount.nytimes.com

CNET: Awaiting response.

LastPass: Possibly vulnerable, contact company.

Agent: "Most of our internal sytems and infrastructure are not at risk because we do not use the version of OpenSSL that has been identified as vulnerable. Moreover, we contacted our third party providers that may have been at risk to assure adequate security has been restored to their systems."

So, because some of their third party providers were at risk but are now safe, it's best to change your password with this company.
Reddit

CNET
LastPass

YES

YES

Change
password

Main: www.reddit.com
Login: ssl.reddit.com
Sporting News

LassPass

Possibly

 

Change
password

www.sportingnews.com
Traverse City Record Eagle

LassPass

Possibly

 

Change
password

www.record-eagle.com

LastPass: Unable to extract SSL information.
TMZ

CNET
LassPass

Possibly

 

Change
password

www.tmz.com

CNET: Awaiting response

LassPass: Possibly vulnerable, now safe, change password.
USA Today

CNET
LassPass

no

no

Nothing

Main: www.usatoday.com
Login: offers.usatoday.com

CNET: Not vulnerable

LassPass: Possibly vulnerable, contact company.
Wall Street Journal

CNET
LassPass
Agent

Possibly

 

Change
password

Main site: online.wsj.com
Login: id.wsj.com

CNET: Awaiting response

A customer service agent provided this non-answer, "Please be assured that Dow Jones is aware of the matter and quickly took steps to address the issue. We're not aware of any impact to our customers. We continue to closely monitor the situation, your privacy is of the utmost importance to us."

I wrote back asking for a real answer, such as, "were you vulnerable?" They have yet to reply. From the response they did provide, they clearly were vulnerable.

LassPass: Was possibly vulnearble, now safe to change password.
Washington Post

CNET
LassPass

YES

YES

Change
password

Main: www.washingtonpost.com
Login: account.washingtonpost.com
Movies, Videos, TV Shows  [Return to category list]
Blockbuster

LastPass

Possibly

 

Change
password

www.blockbuster.com
Fandango

LassPass

no

no

Nothing

www.fandango.com
Flixster

LastPass
Agent

no

 

Change
password

www.flixster.com

LastPass: Possibly vulneable, but is now safe, change your password.

Customer service agent: "Flixster and Rotten Tomatoes were not affected by the heartbleed bug. If you're concerned about account security, you can change your password on the Account page when logged in on the Flixster website."
Hulu

Mashable
CNET
LastPass

no

no

Nothing

Main: www.hulu.com
Login: secure.hulu.com
IMDb

CNET
LastPass

no

no

Change
password
to be safe

Main:www.imdb.com
Login: secure.imdb.com
CNET: not vulneable
LastPass: Possibly vulneable, now safe, change password
Metacritic

LastPass

Possibly

 

Change
password

Main: www.metacritic.com
Login: secure.metacritic.com
Moviefone

LastPass

no

no

Nothing

An AOL company
Main: www.moviefone.com
Login: api.screenname.aol.com
Netflix

Mashable
CNET
LastPass

YES

YES

Change
password

www.netflix.com
Roku

LastPass
Company
statement

YES

YES

Change
password

Main: www.roku.com
Login: owner.roku.com
LassPass: Possibly vulnearble, contact company.

Company statement on their forum, 4-11-14: "After a thorough review of our implementation of OpenSSL we have verified that Roku does not implement any of the OpenSSL versions identified as being vulnerable to 'Heartbleed' per the US-CERT Alert (CVE-2014-0160). However, some of our vendors who handle information collected through our platform may have implemented the affected OpenSSL versions. We have contacted our vendors and they have disclosed to us that they have patched their systems and have taken appropriate counter-measures. We will continue to monitor and respond to this situation so as to minimize the potential risk to our customers."
Rotten Tomatoes

LastPass
Agent

no

 

Change
password

A Flixster compnay.
www.rottentomatoes.com

LastPass: Possibly vulneable, contact the company.

Customer service agent: "Flixster and Rotten Tomatoes were not affected by the heartbleed bug. If you're concerned about account security, you can change your password on the Account page when logged in on the Flixster website."
Vimeo

CNET
LastPass

YES

YES

Change
password

vimeo.com
Vudu

LastPass

Possibly

 

Change
password

www.vudu.com
YouTube

Mashable
CNET
LastPass

YES

YES

Change
password

And for ALL Google services.

Main: www.youtube.com
Login: accounts.google.com

Google spokesperson said in an emailed statement, 'We have assessed the SSL vulnerability and applied patches to key Google services."
Music-related  [Return to category list]
CD Baby

LastPass

Possibly

 

Change
password

www.cdbaby.com
Finale music software — online account

LastPass

no

no

Change
password
to be safe

Main: www.finalemusic.com
Login: store.makemusic.com
Grooveshark

LastPass

Possibly

 

Change
password

grooveshark.com
iTunes Store

LastPass

no

no

Nothing

An Apple service.
Login: itunes.apple.com
MOG

LastPass
Agent

no

no

Nothing

mog.com

LastPass: Possibly was vulnerable, we cannot tell.

Agent: "We were not vulnerable to the Heartbleed bug and per our 3rd party partners, they also were not at risk. It should be completely safe for you to change/update your password on the MOG service, if so desired."
MySpace

LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

myspace.com

LastPass: Unable to get HTTP headers for myspace.com. Was possibly vulnerable, contact company.
Pandora

Mashable
CNET
LastPass

no

no

Nothing

www.pandora.com
Mashable and CNET say not vulnerable.
LastPass: possibly vulnerable, contact company.
Rdio

LastPass

Possibly

 

Change
password

www.rdio.com
Sirius XM Satellite Radio

LastPass

Possibly

 

Change
password

Main: www.siriusxm.com
Login: care.siriusxm.com
SoundCloud

Mashable
LastPass

YES

YES

Change
password

soundcloud.com
Spotify

LastPass
Agent

Possibly

 

Change
password

www.spotify.com

Agent – "Tthere shouldn't be any need for worry at this stage. We've done a thorough investigation of potential vulnerabilities, and as always we're taking the necessary steps to ensure the security of your Spotify account."

LastPass: Was possibly vulnerable, but now safe; change paswsord.
Password Managers  [Return to category list]
1Password

Mashable

no

no

Nothing

agilebits.com/onepassword
(No login URL found at the site to check with LastPass)
Dashlane

Mashable
LastPass

YES

YES

Change
password
to be safe

www.dashlane.com
Mashable: Users' accounts were not impacted and the master password is safe.
LastPass: Was possibly vulnerable, but now safe; change password.

See also, the company statement about "Dashlane safe from new OpenSSL CCS injection vulnerability."
LastPass

Mashable
LastPass
Company statement

YES

YES

Nothing

lastpass.com
Mashable: Users don't need to change their master passwords because they're never sent to the server.

Their company statement here essentially says, users don't need to change their master passwords.

LastPass Checker: Was possibly vulnerable, but now safe; change password.
Photo-related  [Return to category list]
AdoramaPix

LastPass

no

no

Nothing

www.adoramapix.com
Flickr

Mashable
CNET
LastPass

YES

YES

Change
password

And for ALL Yahoo services
Main: www.flickr.com
Login: www.flickr.com AND login.yahoo.com
Getty Images - Buyers

LastPass

no

no

Nothing

Main: www.gettyimages.com
Login: secure.gettyimages.com
Getty Images - Contributors

LastPass

no

no

Nothing

Login: contributors.gettyimages.com
Shutterfly

LastPass

Possibly

 

Change
password

www.shutterfly.com
Snapfish (by HP)

LastPass
Company
statement

Possibly

 

Change
password

www.snapfish.com
LassPass: Was possibly vulnearble, now safe, change password.
General company statement from HP – applies to many HP products, services, and Web sites.
Real Estate  [Return to category list]
For Sale by Owner

LastPass

Possibly

 

Change
password

www.forsalebyowner.com
Realtor.com

LastPass

Possibly

 

Change
password

www.realtor.com
8/2014 – They apparently changed servers from OpenSSL to Microsoft, and are now safe. But they likely were vulnerable before the change. Change password to be safe.
Trulia

CNET
LastPass

no

no

Change
password
to be safe

www.trulia.com
CNET: not vulnearble
LassPass: Was possibly vulnearble, now safe, change password.
Zillow

CNET
LastPass

no

no

Change
password
to be safe

www.zillow.com
CNET: not vulnearble
LassPass: Was possibly vulnearble, now safe, change password.
Reference Sites  [Return to category list]
About

CNET

no

no

Nothing

www.about.com
Could not find a login URL
Ancestry.com

LastPass

no

no

Nothing

Main: www.ancestry.com
Login: secure.ancestry.com
Dictionary.com / Reference.com

CNET
LastPass

no

no

Nothing

Main: dictionary.reference.com AND dictionary.reference.com
www.reference.com
Login: app.dictionary.com
CNET: not vulnearble
LastPass: Was possibly vulnearble, contact company.
wikiHow

CNET
LastPass

no

no

Change
password
to be safe

www.wikihow.com
CNET: not vulnearble
LastPass: Was possibly vulnearble, now safe, change password.
Wikipedia (if you have an account there)

Mashable
CNET
LastPass
Company statement

YES

YES

Change
password

Main: wikipedia.org
Login (English): en.wikipedia.org

See company statement here.
Retail / Shopping / Commerce  [Return to category list]
Adorama

LastPass

no

no

Nothing

www.adorama.com
Altrec

LastPass

Possibly

 

Change
password

www.altrec.com
secure.altrec.com
LastPass: Was possibly vulnearble, now safe, change password.
Amazon

Mashable
CNET
LastPass

no

no

Nothing

www.amazon.com
Mashable and CNET: "Amazon.com is not affected."
LastPass: not vulnearble.
Bass Pro Shops

LastPass

Possibly

 

Change
password

www.basspro.com
Best Buy

CNET
LastPass

Possibly

 

Change
password

Main: www.bestbuy.com
Login: www-ssl.bestbuy.com
CNET: Awaiting response
Blair / Sahalie

LastPass

Possibly

 

Change
password

Main: www.blair.com
Login: www.blair.com

Main: www.sahalie.com
Login: sahalie.blair.com
Blue Mountain

LastPass

Possibly

 

Change
password

www.bluemountain.com
Cabela's

LastPass

YES

 

Change
password

www.cabelas.com
CDW

LastPass

Possibly

 

Change
password

www.cdw.com
Costco

LastPass

Possibly

 

Change
password

www.costco.com
Dillard's

CNET
LastPass

no

no

Nothing

www.dillards.com
eBay

Mashable
CNET
LastPass
eBay Notice

no

no

Change
password
due to other cyber attack

www.ebay.com
signin.ebay.com

Mashable, CNET, and LastPass all say eBay was not vulnerable to the Heartblleed bug and nothing needs to be done.

HOWEVER, on 5/21/14, eBay announced we all need to change our passwords with them due to a separate cyber attack on their password database. See more here.
eToys

LastPass

Possibly

 

Change
password

www.etoys.com
Etsy

Mashable
CNET

YES

YES

Change
password

 
Fedco Electonics

LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

Main: www.fedcoelectronics.com
Login: access.fedcoelectronics.com
Fry's (& Outpost)

LastPass

Possibly

 

Change
password

Main: www.frys.com
Login: shop4.frys.com
Gander Mountain

LastPass

Possibly

 

Change
password

Main: www.gandermountain.com
Login: www.gandermountain.com AND secure.gandermountain.com

LastPass:
www.gandermountain.com: Was possibly vulnearble, now safe, change password.
• secure.gandermountain.com: Was possibly vulnearble, now safe, change password.
Griffin Technologies

LastPass

Possibly

 

Change
password

Main: griffintechnology.com
Login: store.griffintechnology.com
Groupon

Mashable
CNET
LastPass

no

no

Nothing

www.groupon.com
Hallmark (Greeting Cards)

LastPass

no

no

Nothing

www.hallmark.com
Harbor Freight Tools

LastPass

Possibly

 

Change
password

Main: www.harborfreight.com
Login: shop.harborfreight.com
Herrschners

LastPass

no

no

Nothing

www.herrschners.com
Home Depot

CNET
LastPass

Possibly

 

Change
password

Main: www.homedepot.com
Login: secure2.homedepot.com
CNET: Awaiting response
LastPass: now safe, change password
Jacquie Lawson

LastPass

Possibly

 

Change
password

www.jacquielawson.com
JC Penney

LastPass

Possibly

 

Change
password

www.jcpenney.com
Kmart

LastPass

Possibly

 

Change
password

www.kmart.com
Kohl's

LastPass

Possibly

 

Change
password

www.kohls.com
Lands End

LastPass

Possibly

YES

Change
password

www.landsend.com
L L Bean

LastPass

Possibly

 

Change
password

www.llbean.com
Living Social

LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

Main: www.livingsocial.com
Login: login.livingsocial.com
Lowe's

LastPass

Possibly

 

Change
password

www.lowes.com
MacConnection

LastPass

no

no

Nothing

www.macconnection.com
MacMall

LastPass

Possibly

 

Change
password

www.macmall.com
Macy's

LastPass

Possibly

 

Change
password

www.macys.com
Meijer

LastPass

no

no

Nothing

Main: www.meijer.com
Login: accounts.meijer.com
Menards

LastPass

Possibly

 

Change
password

www.menards.com
MyPoints

CNET
LastPass

Possibly

 

Change
password

www.mypoints.com
CNET: not vulnerable
LastPass: was possibly vulnerable, now safe, change password
Nordstrom

Mashable
LastPass

no

no

Nothing

Main: shop.nordstrom.com
Login: secure.nordstrom.com
Northern Tool & Equipment

LastPass

Possibly

 

Change
password

www.northerntool.com
Office Depot

LastPass

Possibly

 

Change
password

www.officedepot.com
Office Max

LastPass

Possibly

 

Change
password

www.officemax.com
Peachtree Woodworking Supply

LastPass

no

no

Nothing

Main: www.ptreeusa.com
Login: shop6.mailordercentral.com
PC Connection

LastPass

no

no

Nothing

www.pcconnection.com
PC Mall

LastPass

Possibly

 

Change
password

www.pcm.com
Pottery Barn

LastPass

Possibly

 

Change
password

Main: www.potterybarn.com
Login: secure.potterybarn.com
QVC

LastPass

Possibly

 

Change
password

www.qvc.com
REI

LastPass

Possibly

 

Change
password

www.rei.com
Sam's Club

LastPass

Possibly

 

Change
password

www.samsclub.com
Sears

LastPass

Possibly

 

Change
password

www.sears.com
Small Dog Electronics

LastPass

Possibly

 

Change
password

Main: www.smalldog.com
Login: checkout.smalldog.com
Staples

LastPass

Possibly

 

Change
password

www.staples.com
Target

Mashable
CNET
LastPass

no

no

Nothing

Main: www.target.com
Login: www-secure.target.com
Toyota Owners

LastPass

Possibly

 

Change
password

Main: www.toyota.com/owners
Login: www.toyota.com
Toys R Us

LastPass

Possibly

 

Change
password

www.toysrus.com
Vistaprint.com

LastPass

Possibly

 

Change
password

Main: www.vistaprint.com
Login: secure.vistaprint.com
Walmart

Mashable
LastPass

no

no

Nothing

www.walmart.com
Woodcrafter.com

LastPass

no

no

Nothing

www.woodcrafter.com
Zappos.com

LastPass

Possibly

 

Change
password

www.zappos.com
secure-www.zappos.com
Zones - MacZone, PCZone

LastPass

no

no

Nothing

Main: www.zones.com
Login: www.zones.com
Shipping Services  [Return to category list]
Federal Express

CNET
LastPass

no

no

Change
password
to be safe

www.fedex.com
CNET: not vulnerable
LastPass: was possibly vulnerable, now safe, change password
UPS

CNET
LastPass

no

no

Change
password
to be safe

www.ups.com
CNET: not vulnerable
LastPass: was possibly vulnerable, now safe, change password
USPS

CNET
LastPass

YES

YES

Change
password

Main: www.usps.com
Login: reg.usps.com
CNET: was possibly vulnerable, now safe, change password.
LastPass: was possibly vulnerable, contact company
Social Networks & Media  [Return to category list]
BlackBerry ID

LastPass

Possibly

 

Change
password

Main: us.blackberry.com
Login: blackberryid.blackberry.com
BlackBerry products

Company
statement

Possibly
Vulneable

 

CONTACT
COMPANY

BlackBerry smartphones were not affected, but many software produtcs were. See the BlackBerry company statement for the details about the vulnerability of their various products.
Blogger / Blogspot

CNET
LastPass

Possibly

YES

Change
password

A Google service.
Classmates

CNET
LastPass

Possibly

 

Change
password

Main: www.classmates.com
Login: secure.classmates.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change password
Facebook

Mashable
CNET
LastPass

Unclear

YES

Change
password

www.facebook.com
Flipboard app

LastPass

Likely

 

Change
password

Main: www.flipboard.com
Login URLs: flipboard.com, cdn.flipboard.com (but via their app, not the Web site.
Foursquare

LastPass

Possibly

 

Change
password

foursquare.com
HootSuite

CNET
LastPass

Possibly

 

Change
password

hootsuite.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change password
Instagram

Mashable
CNET
LastPass

YES

YES

Change
password

instagram.com
LinkedIn

Mashable
CNET
LastPass

no

no

Nothing

www.linkedin.com
Mashable: "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, Heartbleed does not present a risk to these web properties."
LastPass: not vulnerable.
Pinboard

CNET
LastPass

YES

YES

Change
password

www.pinboard.in
Pinterest

Mashable
CNET
LastPass

YES

YES

Change
password

www.pinterest.com
Slideshare

Mashable
LastPass

no

no

Nothing

slideshare.net
Mashable: "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, Heartbleed does not present a risk to these web properties."
LastPass: possibly vulnerable, contact company
Tumblr

Mashable
CNET
LastPass

YES

YES

Change
password

And for ALL Yahoo services.
www.tumblr.com
Twitter

Mashable
CNET
CNN Money
LastPass

no

YES

Change
password
(to be safe)

twitter.com
vine.co
CNET: was not vulnerable
CNN Money: was not vulnerable
Mashable: Change password to be safe
LastPass: Change password to be safe
Vine

LastPass

Possibly

 

Change
password

vine.co
A Twitter Web site and app
Wikia

CNET
LastPass

YES

YES

Change
password

www.wikia.com
Wordpress.com (the free blog site)

Mashable
LastPass

YES

YES

Change
password

Wordpress.com
Travel  [Return to category list]
AAA Motor Club - Michigan

LastPass

no

no

Nothing

michigan.aaa.com
Airbnb

CNN Money
LastPass

YES

 

Change
password

www.airbnb.com
American Airlines

LastPass

Possibly

 

Change
password

Main: www.aa.com
Login: www.aa.com
Amtrak

LastPass

Possibly

 

Change
password

Both of these may be used:
www.amtrak.com
tickets.amtrak.com
Cheap Tickets

LastPass

Possibly

 

Change
password

www.cheaptickets.com
Delta Airlines

LastPass

Possibly

 

Change
password

www.delta.com
Expedia

LastPass

Possibly

 

Change
password

www.expedia.com
Jet Blue

LastPass

Possibly

 

CONTACT
COMPANY

Main: www.jetblue.com
Login — mixed results:
• book.jetblue.com: was unsafe, now safe, change password
• trueblue.jetblue.com: possibly unsafe, unable to extract SSL information
Kayak

LastPass

Possibly

 

Change
password

Main: www.kayak.com
Login: www.kayak.com
Orbitz

CNET
LastPass

Possibly

 

Change
password

www.orbitz.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change password
Priceline.com

LastPass
Agent

Possibly

 

Change
password

www.priceline.com

LastPass: possibly vulneable, now safe, change password..

A customer service agent provided this answer, "We do use Secure Socket Layer (SSL) technology to encrypt all personal information. But our website and mobile application have never been affected by the Heartbleed bug. Please feel free to use our website or mobile application."
Southwest Airlines

LastPass

Possibly

 

Change
password

www.southwest.com
Travelocity

LastPass

Possibly

 

Change
password

www.travelocity.com
Travel Zoo

LastPass

Possibly

 

Change
password

Main: www.travelzoo.com
Login: ssl.travelzoo.com
TripAdvisor

CNET

Possibly

LastPass

Change
password

www.tripadvisor.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change password
United Airlines

LastPass

Possibly

 

Change
password

www.united.com
US Airways

LastPass

no

no

Nothing

Main: www.usairways.com
Login: membership.usairways.com
Weather-related  [Return to category list]
AccuWeather

LastPass

no

no

Nothing

Main: www.accuweather.com
Login: wwwl.accuweather.com
Weather Channel

CNET
LastPass

YES

YES

Change
password

Main: www.weather.com
Login: profile.weather.com
Weather Underground

LastPass
Agent

no

no

Nothing

www.wunderground.com
LastPass: was possibly vulneable, now safe, change password.
Customer service agent said, "they were not vulnerable."
MISCELLANEOUS  [Return to category list]
Ask

LastPass

Possibly

 

Change
password

www.ask.com
Answers

CNET
LastPass

no

no

Nothing

www.answers.com
CNET: not vulnerable.
LastPass: possibly vulnerable, contact company
AWeber

CNET
LastPass

Possibly

 

Change
password
to be safe

www.aweber.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change password
Black & Decker / Bostitch / Delta / DeWalt / Porter Cable — ServiceNet Tool Center

LastPass

no

no

Nothing

servicenet.dewalt.com
Braeside Displays

LastPass

no

no

Nothing

www.braesidedisplays.com
CNET

CNET
LastPass

Possibly

 

Change
password
to be safe

www.cnet.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change password
Constant Contact

CNET
LastPass

Possibly

 

Change
password
to be safe

Main: www.constantcontact.com
Login: login.constantcontact.com
CNET: not vulnerable.
LastPass: was possibly vulnerable, now safe, change password
Craigslist

LastPass
CNET

Possibly

YES

Change
password

Main: craigslist.org
Login accounts.craigslist.org
CNET: Awaiting response
LastPass: Was possibly vulnerable, now safe, change password.
CreateSpace

LastPass
Agent

no

no

Change
password
to be safe

www.createspace.com
LastPass: Was possibly vulnerable, now safe, change password.
Agent: "CreateSpace is not affected by this issue
Evernote

Mashable
LastPass

no

no

Nothing

evernote.com
Freecycle

LastPass

Possibly

 

Change
password

Main: www.freecycle.org
Login: my.freecycle.org
LastPass: Possibly vulnerable, and unable to extract SSL information.
Free Patents Online

LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

www.freepatentsonline.com
LastPass: Was possibly vulnerable, Unable to extract SSL information.
Indeed

CNET
LastPass

Possibly

 

Change
password

secure.indeed.com
CNET: Awaiting response
LastPass: now safe, change password
Kickstarter

LastPass

Possibly

 

Change
password

www.kickstarter.com
LifeLock – enroll and manage your LifeLock membership

LastPass
Company
statement

no

no

Nothing

Main: www.lifelock.com
Login: secure.lifelock.com
LastPass: possibly vulneable, contact company.

Company statement on their Facebook page, from a 4/11/14 post: "Are you a LifeLock member concerned about the HeartBleed Web security flaw? The secure LifeLock site where you enroll and manage your LifeLock membership was not running the flawed software, so your data was not exposed. We reviewed our other services and made updates where necessary. But we know that many people use the same passwords on multiple sites. If you do, please change your LifeLock password in case it was compromised on another site."
LifeLock – other services

Company
statement

Possibly

 

Change
password

LinkShare

LastPass

Possibly

 

Change
password

Main: www.linkshare.com
Login: login.linkshare.com
MapQuest

CNN Money
LastPass

no

no

Nothing

Main: www.mapquest.com
Login: accounts.mapquest.com
LastPass: contact company
CNN Money: the site was not vulnerable.
Outbrain

CNET
LastPass

YES

YES

Change
password

Main: www.outbrain.com
Login: my.outbrain.com
National Geographic Online

LastPass

Possibly

 

Change
password

www.nationalgeographic.com
PayScale

CNET
LastPass

no

no

Nothing

www.payscale.com
Publishers Clearing House

CNET
LastPass

no

no

Nothing

Main: www.pch.com
Login: spectrum.pch.com
CNET: Awaiting response
LastPass: was not vulnerable
Rosetta Stone

LastPass

Possibly

 

Change
password

Main: www.rosettastone.com
Login: totale.rosettastone.com
The Pirate Bay

CNET
LastPass

YES

YES

Change
password

thepiratebay.se
CNET: Awaiting response
LastPass: now safe, change password
Wunderlist

Mashable
LastPass

YES

YES

Change
password

www.wunderlist.com
Yelp

CNET
LastPass

YES

YES

Change
password

www.yelp.com
Zedo

CNET
LastPass

no

no

Change
password
to be safe

Main: www.zedo.com
Login: target.zedo.com
CNET: Not vulnerable
LastPass: Was possibly vulnerable, now safe, change password
ZEDO Ad Network

LastPass

Possibly

 

Change
password

www.zedoadnetwork.com
Zip.pro  

Unknown

 

CONTACT
COMPANY

Main: zip.pro
Login: myaccount.zip.pro
Status unknown as the "My Account section of Zip.pro is currently undergoing renovation. We will re-launch soon." Try again later.
(myaccount.zip.pro ???)
Zoom Info

LastPass

Possibly
Vulneable

 

CONTACT
COMPANY

www.zoominfo.com
LastPass: Possibly vulneable and unable to extract SSL information