Heartbleed: don’t rush to update passwords, security experts warn

Internet security researchers say people should not rush to change their passwords after the discovery of a widespread “catastrophic” software flaw that could expose website user details to hackers.

Suggestions by Yahoo and the BBC that people should change their passwords at once – the typical reaction to a security breach – could make the problem worse if the web server hasn’t been updated to fix the flaw, says Mark Schloesser, a security researcher with Rapid7, based in Atlanta, Georgia. 

Tumblr, which is affected, issued a warning to its users on Tuesday night. Although the firm said it had “no evidence of any breach”, and has now fixed the issue on its servers, it recommends users take action.