In regard to the recent Heartbleed bug discovery, I’ve received notifications from some sites, such as Tumblr and Pinterest about changing my password, however according to a post in Pinterest help, not all users may have received this email.
Part of the message reads: “We were quick to fix the issue on pinterest.com, and didn’t find any evidence of mischief on Pinner accounts as a result. We did ask some Pinners to change their passwords, just to be extra careful.”
As a precaution, even if you did not receive an email suggesting you change your password, it’s a really good idea to do so anyway and to change all your passwords frequently to protect all your accounts. If you have trouble keeping track of your passwords, try the free LastPass app.
If You Think Your Pinterest Account Has Been Compromised
Pinterest offers several suggestions if your account may have been compromised:
1. You’re seeing boards or Pins you didn’t add – change your password. If pins/boards were added, you can delete them when you’re logged in, however if pins/boards were deleted, Pinterest cannot get them back for you.
2. You got an email about a change you didn’t make – lock your account using the link in the email they sent. This will protect your account until you are able to change your password.
3. Your account is in safe mode – if suspicious activity is detected on your Pinterest account, they will place your account into safe mode to protect your pins and prevent any changes from being made to your account. An email will be sent to you requesting you to change your password to get out of safe mode.
Pinterest and most other sites will never contact you for your password, so always be extremely cautious if anyone requests your password for any site via email or phone, especially if you did not make the phone call.
If you are ever unsure of the legitimacy of an email:
- Do not open any attachments, especially if they end in .exe – that extension is used for software installation and clicking on the program can install it on your computer
- Don’t click on any links in the email; instead go directly to the site by typing in the url yourself
- Check the email address of the sender in the header – if it is not from the company it says it’s from, don’t trust it. (i.e. in my spam box right now is an email supposedly from AT&T, but the email address is firstname.lastname@example.org – don’t go to that link, it’s probably a phishing site; had it really been from AT&T, the domain would include att.com)
- If you receive an email that you believe is a scam or phishing, report it here