Heartbleed, a security bug in OpenSSL discovered by Google’s security team on 1 April 2014, has yet to be patched by more than half of the affected servers.
The bug Heartbleed discovered in OpenSSL, used by approximately 17% of the internet, has left millions of passwords and private keys along with private data exposed to cyber-attacks and interception by third parties.
Since its discovery in April, many websites have patched their servers in order to protect users’ privacy.
Despite many of the servers being patched, over 300,000 remain vulnerable to attacks.
“When the Heartbleed vulnerability was announced, we found 600k systems vulnerable. A month later, we found that half had been patched, and only 300k were vulnerable. Last night, now slightly over two months after Heartbleed, we scanned again, and found 300k (309,197) still vulnerable,” said Robert Graham, security researcher for Errata Security, on his website.
Graham believes that those hosting the servers have decided to stop patching them.
“We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable,” says Graham.
In order to protect your private data, it is recommended that passwords are changed frequently. You can also see if a website you use is still vulnerable by using security software company McAfee’s free Heartbleed test.