When the world found out about the Heartbleed bug, cybersecurity specialists called it “catastrophic” in a way the Internet had never seen. Thank god they got that bug patched up in a matter of a day or two. Oh, wait, never mind.
As it turns out, 97 percent of the 2,000 largest publicly traded companies in the world are still vulnerable to Heartbleed, according to a new report from Venafi, a cybersecurity firm. For the report, they scanned 550,000 hosts, and found that 460,000 were still Heartbleed vulnerable.
“When the Heartbleed vulnerability was discovered in March, many organizations scrambled to patch the bug, but failed to take all of the necessary steps to fully remediate,” the report says.
Heartbleed is a bug in OpenSSL that surfaced in late March after going unnoticed for months. It allows hackers to query private information from the affected servers, which accounted for about two thirds of the entire Internet. A patch was quickly issued, but as the report shows, the IT guys that were hired to fix the bug mostly just installed the new patch without also getting rid of the old, buggy private keys. Any company that didn’t take that extra step is still vulnerable.
So what can you do? Since changing your password won’t do you any good, you could always switch over to secure messaging apps, encrypt your data or just go off the grid entirely. If you’re one of the still-affected companies or lazy IT professionals: thanks.