Report: 300,000 still vulnerable to ‘Heartbleed’ bug

More than 300,000 Web servers are still vulnerable to the “Heartbleed” software glitch that compromised security across the Internet, according to a new analysis.

That is a drop of only about half from the 600,000 systems initially thought to be vulnerable, more than two months after the vulnerability was first detected.


The report from Errata Security could be a sign that many sites have simply not bothered to try to secure their systems.

“This indicates people have stopped even trying to patch,” Errata cybersecurity researcher Robert Graham wrote in a blog post. “We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”

The Heartbleed bug is a glitch in the widely used OpenSSL encryption software that could allow hackers to trick people’s computers into sending them personal information like credit card numbers and website passwords. The bug was made public in April after sitting dormant and undetected for two years.

The discovery of the bug raised fears about the state of online security and convinced more than one-third of Web users to change their passwords or take some other type of action. 

In response, computer giants like Google, Amazon and Microsoft teamed up for a multimillion-dollar effort to ensure that open source projects like the one at issue in the Heartbleed bug are fully funded and able to catch any glitches.