Skip to main content

Almost 400 cloud providers still vulnerable to Heartbleed bug

Close to 400 cloud providers are still vulnerable to the infamous Heartbleed bug that has caused widespread panic across all industries.

Related: A closer look at how Heartbleed actually works

The intelligence team at Skyhigh Networks, which tracks vulnerabilities across cloud providers, discovered that 368 cloud providers are still vulnerable to attack and the services involved include “leading backup, HR, security, collaboration, CRM, ERP, cloud storage, and backup services.”

“The average company uses 626 cloud services, making the likelihood they use at least one affected service extremely high. Across over 200 companies using Skyhigh, 96 per cent are using at least one cloud provider that is still not patched 24 hours later. We’ll continue tracking these services and provide updates as they are patched,” stated Skyhigh in a blog post.

Skyhigh has contacted all 368 of the cloud providers that are affected by the bug and is working hard to make sure the providers patch their SSL and carry out remediation like revoking and reissuing certificates. The company has also reached out to customers that use the affected services to inform them of the issue.

It has also released a list of five steps that every company should take in response to the Heartbleed vulnerability. Firstly firms should check the level of exposure by using this tool to check the individual services affected. After this all passwords used by employees on services that are vulnerable must be changed immediately as well as passwords that are reused elsewhere.

Once this has been done companies are encouraged to enable multi-factor authentication, then contact cloud providers to receive updates on when they have released patches and security certificates have been reissued. Lastly firms are advised to use an encryption gateway in order to provide an extra layer of protection.

Related: Heartbleed and your passwords: An in-depth guide to what action you should take

Heartbleed was first outed earlier this week when it was revealed that a bug with OpenSSL meant that user data could be easily viewed by cyber criminals and led some web firms to advise users to change all passwords.