Union Plus

Union Plus is brought to you by Union Privilege, established by the AFL-CIO to provide consumer benefits to members and retirees of participating labor unions. Learn More
Don't miss out on valuable offers! Learn about all your eligible benefits by providing your union information Never Show Again Close
Union Plus
Union Benefits Locator

Tell us who you are

Select Your Union

Select Your Occupation

Union Members & Families: Get Special Union Deals Now! Never Show Again Close
Union Plus
Union Members & Families: Get Special Deals Now!
Fill in below to take advantage of special union discounts and benefits

Select Your Union:

Select Your Occupation

Are You a Union Plus Cardholder?

View Privacy Policy

Heartbleed Bug: What union members need to know

Posted on April 11, 2014
  • print
Heartbleed_big

Data security seems to stay in the news. The Heartbleed Bug comes only months after data breaches at Target, where the credit card and security card information of 70 million customers were stolen, and the University of Maryland, where more than 300,000 personal records were compromised.

Why is everyone talking about a Heartbleed Bug? With a name like "Hearbleed," it must really bad, right? Well, actually, it really is.

In a nut shell, websites that have been saving passwords, credit card numbers, addresses, and other forms of personal information may not be very good at keeping information private. The cause is a flaw in the OpenSSL Software (which protects a lot of websites) that allows anyone on the Internet to read the memory of an OpenSLL Software protected website.

To keep your information safe, here's what the Heartbleed Bug is and what to do about it. Also, to keep your identity safe, here are some best practices you can do to protect yourself and family members against identity theft.

 

What is the Heartbleed Bug, anyway?

Without going too in-depth into technical jargon (here is a great website for that information), websites need to send data that users want to keep secure, such as sending emails or instant messages. A website will encrypt that data, making the data in this secure line unreadable to anyone except the recipient.

However, one computer is able to check whether or not the secure line is open between another computer by sending out a small packet of data what's known as a "heartbeat" requesting a response. Researchers have found that it is possible to manipulate this data to solicit sensitive information from another computer.

What's worse:

  • This flaw has been in the code for more than two years
  • Using a "heartbeat" leaves no trace
  • The flaw allows hackers to steal encryption keys, exposing the data of secure lines

 

What you should do:

  1. Be smart. Assume your accounts may have been compromised, and make sure to change passwords.
  2. Be vigilant. Many websites still have not upgraded to SLL software without the bug. Therefore, immediately changing your password may not be a permanent solution. To check, use this Hearbleed test.
  3. Be up-to-date. Read more at the Heartbleed Bug website.

Explore Union Plus