Information for Heartbleed security vulnerability
What is happening?
You may have heard about a serious Internet security bug called Heartbleed. The bug allows an attacker to read small chunks of information, which might contain usernames and passwords, from vulnerable systems. The University remote access VPN system had this bug and was immediately patched when it came to light. There are no other known internal systems with the vulnerability. There has been no evidence of any breach affecting any University systems.
Many external systems, including common services such as Facebook and Gmail, were vulnerable. A list of popular services, showing whether or not each was subject to the vulnerability, can be found at the end of this message.
What should you do?
If you use any of the affected external services, you should change your password for that service to protect your own privacy.
If you have used your University username and password for any of the websites below, then you must change your University password. This is essential, as your username and password could be used to access your University email account and other services, exposing your personal data and that of others.
You should maintain good password discipline by:
- Using different passwords for each system that contains sensitive data
- Only ever using your University password for University systems, and never for any external websites
- Using different passwords for different websites
- Regularly changing your passwords
To change your University password, please copy and paste the appropriate link below into a web browser:
- Staff www.abdn.ac.uk/local/passwd
- Students www.abdn.ac.uk/qpm/user
You may receive phishing emails asking you to change your password. Check the address of the web page carefully before entering your password details and confirm that the padlock item is shown.
Clicking on the padlock item should confirm that the site has been identified as “www.abdn.ac.uk”.
Compromised Sites:
The following is a list of popular websites along with advice on whether you need to reset your password or not.
Site Name | Was it affected? | Do you need to change your password? |
Amazon Web Hosting | Yes | Yes |
Box | Yes | Yes |
Dropbox | Yes | Yes |
Yes | Yes | |
Flickr | Yes | Yes |
GitHub | Yes | Yes |
Gmail | Yes | Yes |
Yes | Yes | |
LogMeIn | Yes | Yes |
Minecraft | Yes | Yes |
Netflix | Yes | Yes |
Yes | Yes | |
SoundCloud | Yes | Yes |
Tumblr | Yes | Yes |
Wikipedia | Yes | Yes |
WordPress | Yes | Yes |
Wunderlist | Yes | Yes |
Yahoo | Yes | Yes |
Yahoo Mail | Yes | Yes |
YouTube | Yes | Yes |
Amazon | No | No |
AOL | No | No |
Apple | No | No |
Basecamp | No | No |
eBay | No | No |
Evernote | No | No |
Groupon | No | No |
Hotmail / Outlook | No | No |
Hulu | No | No |
No | No | |
Microsoft | No | No |
PayPal | No | No |
No | No |
Please remember, never use your University password for anything other than University systems.