How to protect yourself from 'Heartbleed' virus


Posted at Jul 15 2014 05:00 PM | Updated as of Jul 16 2014 10:14 PM

MANILA, Philippines – The Credit Card Association of the Philippines (CCAP) has advised the public to be extra cautious in doing transactions over the Internet amid the discovery of the "Heartbleed" virus.

The virus gives hackers access to confidential passwords and credit card information.

Although there have been no reported cases of the virus penetrating any online platform of banks and other websites in the Philippines, CCAP executive director Alex Ilagan still warned credit card users against accessing websites affected by the bug.

“Lists exposing websites who are affected by Heartbleed are available on the Internet. We strongly suggest for our dear credit cardholders to simply research using their preferred search engine. The list also specifies if the website has patched defenses against Heartbleed,” Ilagan said.

He advised those with major accounts on affected websites to immediately change their password to avoid getting hacked.

But the CCAP official noted that if a website “has not patched the bug yet, changing the password will not entirely protect its users against Heartbleed.”

Ilagan also advised against using the same password for different accounts, especially in banks and credit card websites.

“Please be vigilant and make sure that one keeps an eye on sensitive online accounts. Bank and email accounts should be continuously monitored for suspicious activity,” he said.

Around 500,000 foreign websites, including email service providers and social networks, could have been affected by Heartbleed, according to research firm Netcraft.

“Hackers can steal the server’s digital keys, which are used to encrypt communications, internal documents, and user’s personal data. This in turn contains credit card information, which is used to purchase products and pay for services online,” Ilagan said.

But Ilagan noted that a system-breach among Philippines banks is unlikely because most of them use high-level data security and encryption measures to protect their clients’ classified information.