Even though Heartbleed became one of the most widely known internet bugs and threatens private information across many of the web's biggest sites, just four in ten people actually took action to change their passwords or close an account, according to a Pew report.
Discovered in early April, the Heartbleed bug affected the security of most well-used sites, including Yahoo, Google, and Facebook. As we and other sites explained at the time, the problem was due to a vulnerability in OpenSSL, a protocol that is used to encrypt user information across the web. That weakness potentially allowed hackers, including the NSA, to gain access to private account information, including passwords and credit card information. Once sites uncovered and fixed the problem on their own site, they issued a clear directive to users: change your password.
But a Pew Research Center survey of 1,501 adults shows that not everyone took their advice. The report found that the Heartbleed story was widespread, as 64 percent of Internet users had heard about the problem. But within the cohort of people who had heard of Heartbleed, only 61 percent changed their passwords in response. That's far below the appropriate number of, well, every single Internet user.
The main reason for the lack of action, Pew suggests, was that people simply weren't perturbed by the security breach. Of Internet users who knew about Heartbleed, just less than half (45 percent) said their online information was vulnerable. And just a paltry six percent of Internet users believed their information was actually stolen, adding that to the list of dangers that most people believe can never happen to them.