Study: Users don't much care about Heartbleed hacking dangers
Pew finds the public less interested in flaw than previous incidents
Despite dire warnings from security experts and a massive public awareness campaign, users are less aware of the Heartbleed flaw than other recent security threats.
So say researchers with the Pew Research Center. According to a public survey of 1,501 people conducted by the company, less than one fifth feel they are well versed on the dangers of the flaw, and less than 40 per cent have taken action to protect their accounts.
The survey (PDF) polled users on both the level of their awareness on the data-leaking OpenSSL flaw and the steps they have taken to change credentials which may have been harvested by attackers. The study of 1,501 American adults was taken in the midst of the Heartbleed scare between the 23-27 April.
During that time, researchers found that 60 per cent of adults had heard of Heartbleed in some form, though 41 per cent said that they had "a little" information about the flaw and just 19 per cent had heard "a lot" about it.
Additionally, just 39 per cent of those polled said they had taken steps to secure their accounts against attacks by changing passwords or canceling unused accounts.
Those numbers, say researchers, indicate far less interest among the public in Heartbleed than other recent security threats. Pew studies in the past found that events such as the Edward Snowden data leaks drew heavy interest from more than half of all internet users, while other recent current events have caught the public attention at a higher clip than Heartbleed coverage.
"The Heartbleed story registered roughly the same level of public awareness as the U.S.-Iran negotiations and agreement to allow monitoring of Iran’s nuclear program (in November and December 2013) and Catholic Bishops in the U.S. protesting Obama Administration policies they believe restricted religious liberty (July 2012)," Pew wrote in its report on the survey.
While public awareness is lacking, many of the enterprises and service providers most impacted by Heartbleed have been taking major steps to alleviate the danger posed to their systems by the OpenSSL vulnerability.
While the Heartbleed fix has been a challenge for administrators, end users can (and should) reduce their risk with simple steps such as updating software and firmware and changing up passwords. ®