2014 Explanatory Reporting, Medium Newsroom finalist

The Heartbleed Hit List


About the Project

When news broke of a widespread encryption bug called Heartbleed, we knew it was a story true to our core coverage that we needed to throw all resources into because it was so important. We also knew that, due to its very technical nature, readers would have a hard time digesting the details. What was Heartbleed? Should they be worried? Do they need to change their passwords? If so, to what accounts?

We knew we had to break down Heartbleed — and why it was such a big deal — into bite-sized language that any reader of any age or education could understand. It was also very unclear which websites were compromised and if they had applied the crucial patch needed to ensure their security. So, we started by calling the most popular social, email, banking and commerce sites on the web. We then created a very readable chart that any user could understand, and we committed ourselves to keeping it up to date.

We leaned hard on the companies to divulge the information for the good of their users. Some were willing to talk, but many were hesitant to divulge any information at all, so we noted that next to their company name. Then this list went viral. It was on morning talk shows, major websites — you name it. It took less than 24 hours for those very same companies to call us back and come clean about the Heartbleed aftermath and the true effect it had on users.

Mashable editors selected this story package because not only do we feel it explains a very heady subject, but we also believe that we did a public service. By publishing this list, we forced companies to talk, and many users changed their passwords or closed their accounts as a result — potentially saving themselves years of privacy nightmares.