A new report reveals a significant rift in the number of Internet users who heard about the Heartbleed security bug and those who took action to protect their personal data in the wake of the vulnerability.
While 64% of Internet users heard about Heartbleed, only 39% reacted to it by changing their passwords or deleting online accounts, according to the Pew Research Center’s Internet & American Life Project.
The research shows a gap between security experts’ and Internet users’ reactions to the bug. After companies began fixing the security vulnerability, many sent emails urging users to change their passwords. Despite those warnings, only 29% of Internet users felt their personal information was put at risk by Heartbleed, while 6% believed their personal information had been stolen — despite the fact that the nature of the bug makes it generally impossible to tell if individual accounts were compromised.
Heartbleed is a security vulnerability in OpenSSL, an open-source and free-to-use encryption method used by many of the web’s top sites, including Amazon, Facebook and Yahoo, among others. The bug was made public by security researchers in early April. While some companies privately received advance notice of the bug, others were left scrambling to address the vulnerability before being targeted by hackers. Internet security experts advised users to wait for notices from individual companies before changing their passwords, as changing login information before a fix was in place could have provided it directly to hackers waiting in the midst.
After Heartbleed was revealed, some commentators criticized top companies for using OpenSSL without contributing significant amounts of money to the project, which is run by a small handful of programmers and, backers say, has been historically underfunded. Several companies, including Google and Microsoft, have since promised funding that will support open-source projects, including OpenSSL.
Pew’s study is based on a nationwide study of 1,501 adults 18 or older. The margin of error was approximately plus or minus 2.9 percent.