Popular sites' Heartbleed holes should be fixed
All popular online services that were vulnerable to the Heartbleed Bug have been patched, security software maker Symantec says.
The company said it had seen no sign of the bug being widely exploited.
Symantec said none of the world's 1000 most-popular websites as ranked by Amazon.com subsidiary Alexa remained vulnerable to the bug and only 1.8 per cent of the top 50,000 websites were still exposed.
While the problem was "serious", a doomsday scenario was unlikely, Symantec said.
"Based on this data, chances are that the websites most frequently visited by the average user are not affected by Heartbleed."
Heartbleed, a vulnerability in the open-source encryption technology OpenSSL, can allow hackers to access people's usernames, passwords and other data by making repeated requests to the web servers that online services run on.
There is nothing consumers can do to mitigate such attacks if they use online services that are vulnerable.
The vulnerability has existed in many versions of OpenSSL since 2011, but the weakness was only disclosed – to the public and would-be hackers alike – last week.
While security researchers have in some instances been able to use Heartbleed to obtain the private "keys" used by online services to encrypt communications with customers, which could let hackers unpick the "padlock" on secure services at will, Symantec said that appeared "very difficult".
Although there is "safety in numbers" and most consumers appear likely to ignore Heartbleed, some experts have suggested people change passwords to sensitive online services once those services have been patched and re-secured, in case their credentials had previously been harvested.
Symantec said the speed with which the vulnerability had been closed meant that time had come for most online accounts, and people who felt the need to change passwords could do so now.