X

Heartbleed bug: Check which sites have been patched

We compiled a list of the top 100 sites across the Web, and checked to see if the Heartbleed bug was patched.

Jason Cipriani Contributing Writer, ZDNet
Jason Cipriani is based out of beautiful Colorado and has been covering mobile technology news and reviewing the latest gadgets for the last six years. His work can also be found on sister site CNET in the How To section, as well as across several more online publications.
Jason Cipriani
2 min read

large-hero-heartbleed.jpg

The Heartbleed bug is serious. Disclosed less than two days ago, the Heartbleed bug has sent sites and services across the Internet into patch mode.

For an in-depth explanation of what exactly Heartbleed is, and what it does, read this post by our own Stephen Shankland. In essence, the bug potentially exposed your username and password on sites like Facebook, Google, Pinterest, and more.

Using Alexa.com, we've been going through the list of the top 100 sites in the US, plus a few extras, and asking "Have you patched the Heartbleed bug yet?" Once we have an answer, we will fill in the chart below with the response.

While we wait to hear back, we will be testing the sites against the Qualys SSL Server Test. There may be some instances where the patch isn't detected or a server can not be inspected (the site may be fine, but Qualys can not confirm that), in which case we will mark the site as "be on alert." When a site is marked as such, you should proceed with caution and contact the site or company directly if you have any questions pertaining to your account security.

You may notice some companies will be marked as "was not vulnerable." In that case, the site in question does not use the type of OpenSSL encryption this bug was based on and your data was never at risk.

If you're checking back after seeing earlier versions of this story, you may also notice that some statuses have changed. For instance, the status for Microsoft, MSN, and Live has been updated to "was not vulnerable" once Microsoft confirmed that to be the case.

SiteQualysConfirmation from site
Google PassVulnerability patched. Password change recommended
Facebook PassVulnerability patched. Password change recommended
YouTube PassVulnerability patched. Password change recommended
Yahoo! PassVulnerability patched. Password change recommended
Amazon PassWas not vulnerable
Wikipedia PassVulnerability patched. Password change recommended
LinkedIn PassWas not vulnerable
eBay PassWas not vulnerable
Twitter PassWas not vulnerable
Craigslist PassAwaiting response
Bing PassVulnerability patched. Password change recommended
Pinterest PassVulnerability patched. Password change recommended
Blogspot PassVulnerability patched. Password change recommended
CNN PassWas not vulnerable
Live PassWas not vulnerable
PayPal PassWas not vulnerable
Instagram PassVulnerability patched. Password change recommended
Tumblr PassVulnerability patched. Password change recommended
Espn.go.com PassVulnerability patched. Password change recommended
Wordpress PassAwaiting response
Imgur PassAwaiting response
Huffington Post Not available Awaiting response
Reddit PassVulnerability patched. Password change recommended
MSN PassWas not vulnerable
Netflix Pass Vulnerability patched. Password change recommended
Weather.com Not available Vulnerability patched. Password change recommended
IMDb Not available Was not vulnerable
Yelp Pass Vulnerability patched. Password change recommended
Apple Pass Was not vulnerable
AOL Pass Awaiting response
Microsoft PassWas not vulnerable
NYTimes Pass Awaiting response
Bank of America Pass Was not vulnerable
Ask Not available Was not vulnerable
Fox News Pass Was not vulnerable
Chase PassWas not vulnerable
GoDaddy Pass Vulnerability patched. Password change recommended
About Not available Was not vulnerable
BuzzFeed Pass Awaiting response
Zillow Pass Was not vulnerable
Wells Fargo PassWas not vulnerable
Etsy Pass Vulnerability patched. Password change recommended
XVideos Not available Vulnerability patched. Password change recommended
Walmart Pass Was not vulnerable
CNET PassWas not vulnerable
Pandora Pass Was not vulnerable
xHamster Pass Awaiting response
PornHub Pass Was not vulnerable
Comcast Pass Awaiting response
Stack Overflow Pass Vulnerability patched. Password change recommended
Salesforce Pass Was not vulnerable
Daily Mail Be on alert Awaiting response
Vimeo Pass Vulnerability patched. Password change recommended
Conduit Pass Awaiting response
Flickr PassVulnerability patched. Password change recommended
Zedo Not available Was not vulnerable
Forbes Not available Was not vulnerable
LiveJasmin Not available Vulnerability patched. Password change recommended
USPS Pass Vulnerability patched. Password change recommended
Indeed Pass Awaiting response
Hulu Pass Was not vulnerable
Answers Pass Was not vulnerable
HootSuite Pass Was not vulnerable
Amazon Web Services Pass Awaiting response
Adobe Pass Awaiting response
Blogger PassVulnerability patched. Password change recommended
Dropbox Pass Vulnerability patched. Password change recommended
Reference.com Pass Was not vulnerable
AWeber Pass Was not vulnerable
UPS Pass Was not vulnerable
Intuit Pass Awaiting response
NBC News Pass Awaiting response
USA Today Pass Was not vulnerable
Outbrain Pass Vulnerability patched. Password change recommended
The Pirate Bay Pass Awaiting response
The Wall Street Journal Pass Awaiting response
Bleacher Report Pass Awaiting response
Constant Contact Pass Was not vulnerable
Wikia Pass Vulnerability patched. Password change recommended
CBSSports PassWas not vulnerable
Publishers Clearing House Pass Awaiting response
Washington Post Not availableVulnerability patched. Password change recommended
Target PassWas not vulnerable
Drudge Report Be on alertAwaiting response
TripAdvisor PassWas not vulnerable
FedEx PassWas not vulnerable
Capital One PassWas not vulnerable
wikiHow Not availableWas not vulnerable
Googleusercontent.com PassVulnerability patched. Password change recommended
Groupon PassWas not vulnerable
Best Buy Pass Awaiting response
AT&T Pass Awaiting response
Home Depot Pass Awaiting response
Trulia Not available Was not vulnerable
TMZ Pass Awaiting response
Feedbin PassVulnerability patched. Password change recommended
Pinboard PassVulnerability patched. Password change recommended
GetPocket PassVulnerability patched. Password change recommended
IFTTT PassVulnerability patched. Password change recommended
ManageWP PassWas not vulnerable
PayScale PassWas not vulnerable
OKCupid PassVulnerability patched. Password change recommended
Dillard's PassWas not vulnerable
NetZero Not availableWas not vulnerable
Classmates Not availableWas not vulnerable
MyPoints PassWas not vulnerable
Orbitz PassWas not vulnerable

This list is going to be live and constantly updated; please return to view the latest information as we get it.

CNET's Seth Rosenblatt contributed to this report