The Heartbleed Bug: What You Need to Do

Dear Ross Community:

The entire Internet community is currently experiencing a wide-spread security vulnerability that has been nicknamed the “Heartbleed Bug.” The bug allows malicious users to collect sensitive personal information such as passwords.

Many websites, including those run by U-M, are now updating and fixing their software to “patch” and protect against this vulnerability. Since changing your password will not protect you unless the website software has been patched, we will notify you once all U-M websites have received the patch.

The good news is that at this time there is no evidence that any U-M websites were compromised before these fixes were put in place.

However, given the widespread nature of this bug it is likely you’ll need to take some kind of immediate action. Many popular websites such as Facebook, Dropbox, Instagram, Pinterest, and Google have been affected.

There are two steps you need to take for each website that was affected by this vulnerability.

  1. Check to make sure the website has updated or fixed the software they use to run the site.
  2. If they have, change your password for that website.

You can determine which websites were affected, whether or not they have updated their software, and whether or not they recommend changing your password by referring to the popular “Heartbleed Hit List.” If a service you use is not listed there, try seeking an answer from them directly.

This is one of the worst security exploits ever seen and has gone undetected by the entire Internet community for almost two years. If you’d like more information, a good place to start is U-M’s Safe Computing website.

If you have questions please contact the Ross Helpdesk by email ( or phone (734-615-3000).

We can also be reached on Twitter (@UMRossIT) and a list of our most recent announcements can be found on iMpact should you wish to verify the authenticity of this email.

Thank you,

Ross Technology