The Heartbleed bug that has likely been giving many website IT departments heartburn as they attempt to scramble to implement a fix fortunately did not impact usernames or passwords on PayScale.com or any of its compensation products for businesses like PayScale MarketRate?, PayScale Insight?, and PayScale Insight Expert?. Your PayScale passwords are safe and do not need to be changed.
However, many websites that require a login — online banking, social media websites, etc. — may have been impacted. And that means your passwords may have been compromised on a number of websites you use regularly.
PC World describes Heartbleed as a “recently disclosed programming flaw in OpenSSL that would allow attackers to read the contents of a server’s memory, exposing critical information such as SSL site keys, usernames and passwords, and user data.”
The advice we’ve seen is that you should change your passwords immediately on websites that have already implemented a patch for Heartbleed — like Facebook and Google. Wait to change your password on sites that were impacted but have yet to implement the patch (or haven’t been clear about whether they were impacted.) And don’t worry about changing your password on sites that were not affected — like PayScale. Although, changing your password regularly is never a bad practice.
A company called LastPass has created a Heartbleed checker so you can see which specific sites are vulnerable to Heartbleed. We have no affiliation with LastPass, but it seems like an awfully good idea. I’ll be heading over there right after I finish writing this post.