Retailers Sending Mixed Messages in Wake of 'Heartbleed' Bug Scare


"We haven't detected any signs of suspicious account activity that would suggest a specific action, but we encourage people to take this opportunity to follow good practices and set up a unique password for your Facebook account that you don't use on other sites," the Facebook spokesperson said.


Ty Rogers, a spokesman for Amazon, said in an emailed statement that the company's website "is not affected" by the Heartbleed bug.


A Google spokesperson said in an emailed statement, "The security of our users' information is a top priority. We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services."

A Google spokesman confirmed today the company statement, which contradicts advice from Mashable.

"The security of our users' information is a top priority. We fixed this bug early and Google users do not need to change their passwords," the Google spokesman said.

Google also posted a blog on Wednesday detailing the fix for the bug and pointing out that Android users are not vulnerable.

In general, Google advises users to pick strong passwords that are different for each of your important accounts and it is good practice to update your passwords regularly. The firm also recommends turning on two-step verification, which provides a stronger layer of sign-in security. Even if your password gets stolen, it's not enough to access your account, the company said.


In a statement on Wednesday, Yahoo said, "A vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours."

The company said it has "successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr) and we are working to implement the fix across the rest of our sites right now. We're focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users' data."


A spokeswoman for Intuit, which owns the popular tax preparation program TurboTax, said the company is "not proactively recommending" that customers update their online passwords but "it is always good practice to regularly update" them.


Tumblr issued a warning Tuesday, saying the blog site has "no evidence of any breach and, like most networks, our team took immediate action to fix the issue," but users should change all their passwords.


A statement from a Netflix spokesman said, "Like many companies, we took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. It’s a good practice to change passwords from time to time, and now would be a good time to think about doing so. We have additional security guidelines on our site at"

ABC News' Zunaira Zaki contributed to this report.

  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
You Might Also Like...