Here at the Quicken Loans Zing Blog, we like to keep you in the loop on issues that can affect your home, money and lifestyle. This week, a new concern has been making headlines, and we want to ease your mind about any questions you may have with regard to usernames, passwords and your Quicken Loans MyQL account.
“Heartbleed” is the name of a recently discovered bug that affects a large number of websites on the Internet that encrypt interactions between users and their site.
Quicken Loans websites are not vulnerable to the bug due to our rigorous security standards as well as those of our vendors. We made the decision years ago to not upgrade our encryption products to those using the vulnerable versions of OpenSSL. The Heartbleed bug only impacted OpenSSL versions released after December 31, 2011. The encryption technology we chose to keep was never a target or impacted by Heartbleed. The content provider that serves parts of our main site did patch prior to the announcement, but that impacted parts of our site that does not contain usernames, passwords, or client information. To ensure, we did test our current encryption as well as added additional security patches. Read our security and privacy pledge for more information.
You may be wondering what kinds of sites use encryption? Banks, retailers, and basically any site that asks for a username and password. The encryption is there to ensure that any communication between your web browser and the website is scrambled so that it’s difficult to see your information. Obviously, you wouldn’t want your password or credit card number, for example, to be open for anyone to see. Encryption makes sure that doesn’t happen.
Heartbleed, however, makes it possible for someone to “eavesdrop” on communication between you and your favorite websites. In addition, scammers may be able to obtain your username and password or your shopping information from a particular website without your involvement. Experts say that at least 17% of all websites using encryption may be vulnerable to this encryption bug, but many are getting patched as you read this article.
So, what should you do to protect yourself from Heartbleed?
Remember that this isn’t a problem with your computer, phone, tablet, or anything else that you browse the Internet with – it’s about the sites that prompt you to log in to identify yourself. The bug dates back to the end of 2011, but researchers only just discovered it. Scammers may have known about it much longer. The good news is many of the big sites that you may frequent are already confirmed to be safe:
There isn’t an easy way of knowing if a website has been affected, but changing your password is a great precautionary step. Stay safe!