The Heartbleed bug is serious. Disclosed less than two days ago, the Heartbleed bug has sent sites and services across the Internet into patch mode.
For an in-depth explanation of what exactly Heartbleed is, and what it does, read this post by our own Stephen Shankland. In essence, the bug potentially exposed your username and password on sites like Facebook, Google, Pinterest, and more.
Using Alexa.com, we've been going through the list of the top 100 sites in the US, plus a few extras, and asking "Have you patched the Heartbleed bug yet?" Once we have an answer, we will fill in the chart below with the response.
While we wait to hear back, we will be testing the sites against the Qualys SSL Server Test. There may be some instances where the patch isn't detected or a server can not be inspected (the site may be fine, but Qualys can not confirm that), in which case we will mark the site as "be on alert." When a site is marked as such, you should proceed with caution and contact the site or company directly if you have any questions pertaining to your account security.
You may notice some companies will be marked as "was not vulnerable." In that case, the site in question does not use the type of OpenSSL encryption this bug was based on and your data was never at risk.
If you're checking back after seeing earlier versions of this story, you may also notice that some statuses have changed. For instance, the status for Microsoft, MSN, and Live has been updated to "was not vulnerable" once Microsoft confirmed that to be the case.
| Site | Qualys | Confirmation from site |
|---|---|---|
| Pass | Vulnerability patched. Password change recommended | |
| Pass | Vulnerability patched. Password change recommended | |
| YouTube | Pass | Vulnerability patched. Password change recommended |
| Yahoo! | Pass | Vulnerability patched. Password change recommended |
| Amazon | Pass | Was not vulnerable |
| Wikipedia | Pass | Vulnerability patched. Password change recommended |
| Pass | Was not vulnerable | |
| eBay | Pass | Was not vulnerable |
| Pass | Was not vulnerable | |
| Craigslist | Pass | Awaiting response |
| Bing | Pass | Vulnerability patched. Password change recommended |
| Pass | Vulnerability patched. Password change recommended | |
| Blogspot | Pass | Vulnerability patched. Password change recommended |
| CNN | Pass | Was not vulnerable |
| Live | Pass | Was not vulnerable |
| PayPal | Pass | Was not vulnerable |
| Pass | Vulnerability patched. Password change recommended | |
| Tumblr | Pass | Vulnerability patched. Password change recommended |
| Espn.go.com | Pass | Vulnerability patched. Password change recommended |
| Wordpress | Pass | Awaiting response |
| Imgur | Pass | Awaiting response |
| Huffington Post | Not available | Awaiting response |
| Pass | Vulnerability patched. Password change recommended | |
| MSN | Pass | Was not vulnerable |
| Netflix | Pass | Vulnerability patched. Password change recommended |
| Weather.com | Not available | Vulnerability patched. Password change recommended |
| IMDb | Not available | Was not vulnerable |
| Yelp | Pass | Vulnerability patched. Password change recommended |
| Apple | Pass | Was not vulnerable |
| AOL | Pass | Awaiting response |
| Microsoft | Pass | Was not vulnerable |
| NYTimes | Pass | Awaiting response |
| Bank of America | Pass | Was not vulnerable |
| Ask | Not available | Was not vulnerable |
| Fox News | Pass | Was not vulnerable |
| Chase | Pass | Was not vulnerable |
| GoDaddy | Pass | Vulnerability patched. Password change recommended |
| About | Not available | Was not vulnerable |
| BuzzFeed | Pass | Awaiting response |
| Zillow | Pass | Was not vulnerable |
| Wells Fargo | Pass | Was not vulnerable |
| Etsy | Pass | Vulnerability patched. Password change recommended |
| XVideos | Not available | Vulnerability patched. Password change recommended |
| Walmart | Pass | Was not vulnerable |
| CNET | Pass | Was not vulnerable |
| Pandora | Pass | Was not vulnerable |
| xHamster | Pass | Awaiting response |
| PornHub | Pass | Was not vulnerable |
| Comcast | Pass | Awaiting response |
| Stack Overflow | Pass | Vulnerability patched. Password change recommended |
| Salesforce | Pass | Was not vulnerable |
| Daily Mail | Be on alert | Awaiting response |
| Vimeo | Pass | Vulnerability patched. Password change recommended |
| Conduit | Pass | Awaiting response |
| Flickr | Pass | Vulnerability patched. Password change recommended |
| Zedo | Not available | Was not vulnerable |
| Forbes | Not available | Was not vulnerable |
| LiveJasmin | Not available | Vulnerability patched. Password change recommended |
| USPS | Pass | Vulnerability patched. Password change recommended |
| Indeed | Pass | Awaiting response |
| Hulu | Pass | Was not vulnerable |
| Answers | Pass | Was not vulnerable |
| HootSuite | Pass | Was not vulnerable |
| Amazon Web Services | Pass | Awaiting response |
| Adobe | Pass | Awaiting response |
| Blogger | Pass | Vulnerability patched. Password change recommended |
| Dropbox | Pass | Vulnerability patched. Password change recommended |
| Reference.com | Pass | Was not vulnerable |
| AWeber | Pass | Was not vulnerable |
| UPS | Pass | Was not vulnerable |
| Intuit | Pass | Awaiting response |
| NBC News | Pass | Awaiting response |
| USA Today | Pass | Was not vulnerable |
| Outbrain | Pass | Vulnerability patched. Password change recommended |
| The Pirate Bay | Pass | Awaiting response |
| The Wall Street Journal | Pass | Awaiting response |
| Bleacher Report | Pass | Awaiting response |
| Constant Contact | Pass | Was not vulnerable |
| Wikia | Pass | Vulnerability patched. Password change recommended |
| CBSSports | Pass | Was not vulnerable |
| Publishers Clearing House | Pass | Awaiting response |
| Washington Post | Not available | Vulnerability patched. Password change recommended |
| Target | Pass | Was not vulnerable |
| Drudge Report | Be on alert | Awaiting response |
| TripAdvisor | Pass | Was not vulnerable |
| FedEx | Pass | Was not vulnerable |
| Capital One | Pass | Was not vulnerable |
| wikiHow | Not available | Was not vulnerable |
| Googleusercontent.com | Pass | Vulnerability patched. Password change recommended |
| Groupon | Pass | Was not vulnerable |
| Best Buy | Pass | Awaiting response |
| AT&T | Pass | Awaiting response |
| Home Depot | Pass | Awaiting response |
| Trulia | Not available | Was not vulnerable |
| TMZ | Pass | Awaiting response |
| Feedbin | Pass | Vulnerability patched. Password change recommended |
| Pinboard | Pass | Vulnerability patched. Password change recommended |
| GetPocket | Pass | Vulnerability patched. Password change recommended |
| IFTTT | Pass | Vulnerability patched. Password change recommended |
| ManageWP | Pass | Was not vulnerable |
PayScale | Pass | Was not vulnerable |
OKCupid | Pass | Vulnerability patched. Password change recommended |
Dillard's | Pass | Was not vulnerable |
NetZero | Not available | Was not vulnerable |
Classmates | Not available | Was not vulnerable |
MyPoints | Pass | Was not vulnerable |
Orbitz | Pass | Was not vulnerable |
This list is going to be live and constantly updated; please return to view the latest information as we get it.
CNET's Seth Rosenblatt contributed to this report
