Go Directly to Page Content
Go Directly to Site Search
Go Directly to Site Navigation
ITS Safe Computing

Heartbleed Bug: What Members of the U-M Community Need to Know

About Heartbleed and What U-M Did

The Heartbleed bug is a serious security flaw that allows an attacker to capture usernames, passwords, and other information. A patch to protect websites and servers against the bug was made available April 7, 2014. The university IT community immediately began to identify systems that were vulnerable to the Heartbleed bug and patch them. U-M’s core and critical services are patched and protected from the Heartbleed bug.

What You Need to Do

  1. Change your UMICH password. Email messages are being sent (see message timeline) advising that UMICH passwords be changed and providing UMICH Password Change Tips.
  2. Beware of phishing emails. Criminals may use the Heartbleed bug as an opportunity to try to trick you into revealing your password or other personal information through phishing emails.

If you need help, call the ITS Service Center.

For your personal accounts, we also recommend that you

  1. Change your passwords with external service providers (such as Yahoo, Twitter, Facebook, and others) who have asked you to do so or whose sites were reported as vulnerable. If you are unsure if a site was vulnerable, change the password. Visit these sites to learn if a website you use is affected by Heartbleed:
  2. Keep a close eye on your online financial accounts.
  3. Keep your operating system and applications updated on your home computers and mobile devices.

Timeline for UMICH Password Change Emails

To minimize disruption, messages were sent to members of the U-M community over a period of several weeks. The messages advised that you change your UMICH password if your password had not been changed since before April 11, 2014.