Heartbleed security flawA major security flaw may be exposing your information on the Internet, even if you’re using an encrypted website, as reported by The New York Times. The bug, called Heartbleed, was discovered by Finnish security experts and is estimated to affect more than half a million websites, according to an Internet security firm.

How does this flaw expose my information?

The Heartbleed flaw doesn’t directly attack Internet users, instead it affects web servers that are running on a free set of encryption tools called OpenSSL. Once the servers are infected with the bug, hackers are able to access information stored on the server as well as users’ interactions with the websites hosted by the infected server.

This means that even if the user is entering their personal information into a secure website, or a website with a URL that starts with “HTTPS,” that’s infected with this bug, hackers will be able to access the information that you provide to the site. It’s unclear what information is accessible through the flaw, but many security experts are suggesting that sensitive information, such as passwords, bank information, stored files and other information may be exposed.

What can I do to protect myself?

Unfortunately, since the flaw needs to be fixed on the server’s side, or the company who manages the server, consumers are limited to ways that they can protect themselves. That being said, there are still some precautionary steps that you can take to ensure the safety of your information.

Normally when there’s some sort of security flaw, it’s suggested that you change your password for all of your account immediately. That isn’t the case with this flaw. Instead of changing your password, security experts are recommending that you wait until you receive confirmation from a company that the flaw is non-existent on its servers or has been fixed. The main reason behind this is if you change your password while the website’s servers are still infected with the flaw, then you’re just handing your new account password over to potential hackers.

If you’d prefer to see if a specific website may be impacted, you can check it with this tool created by an Italian security expert. It should be noted that even though we found the tool helpful most of the time, there were a couple of instances when the website “timed out” and could not provide us with any information.

Additional step to protect yourself: Luckily, there is one preventative step that you can take to protect your information in the event that it’s exposed by the Heartbleed flaw — sign up for identity theft protection. These services monitor the use of your personal information on the Internet black market as well as public records, so in the event that your information is breached through the Heartbleed security flaw or any other breach, you’ll be alerted of any use of your information.

On top of that, most identity theft protection services also monitor the activity on all three of your credit reports — Experian, Equifax and TransUnion — and will alert you if anything is added or changed on any of the reports. In the event that you do fall victim to identity theft while you’re signed up for an identity theft protection service, you will be walked through every step of the restoration process by an identity theft restoration expert.

And the best part of identity theft protection services is that most of them offer some sort of free trial so you can test out the service prior to making any financial commitment. Visit our identity theft protection reviews to see which service will best fit your needs.