300,000 websites still vulnerable to Heartbleed

It’s been over two months since the Heartbleed vulnerability became a major problem for websites and companies, but many still aren’t out of the woods just yet. Approximately 300,000 web servers are still at risk of being affected by the bug.

More from Technology

That information comes an updated report from researchers at Errata Security.

Robert Graham of Errata published his findings over the weekend. After originally finding 600,000 websites that were vulnerable, Graham found that only 318,239 sites were still open to the bug after one month. With yet another month gone by, the research shows that over the last 30 days, only about 9,000 websites have been patched to end the vulnerability to the bug. This means, according to Graham, that many have stopped trying to patch their servers to combat the vulnerability.

For those unaware, or can’t recall, what the Heartbleed bug is, it’s a large OpenSSL exploit that left large portions of websites open to attack. The way it works is that the attacks can go into the servers and grab confidential information, including encryption keys.

These keys could then be used by attackers to gain access to usernames, passwords and other personal information that should be kept away from everyone. It was an issue that, though being discovered just this past April, has been kept under wraps for the last couple of years.

Graham stated in his report that he still expects sites to be vulnerable years from now.

“We should see a slow decrease over the next decade as older systems are slowly replaced,” he said. “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”

For more on the Heartbleed bug, stay with FanSided.com.