The 1,000 most popular websites in the world are now safe from the Heartbleed vulnerability, but 2% of the top 1 million websites remain unsecure, a security firm recently said.
Cyber security firm Sucuri Inc. said it scanned the top websites as ranked by Alexa Internet, a company that collects Web traffic data, to test how many of them remain vulnerable to Heartbleed, a bug that was recently discovered.
Heartbleed is a hole in OpenSSL, a security software used by most websites, that gives hackers an entryway to steal sensitive user data, including passwords.
Of the top 1 million websites, 20,320 have still not updated their services to patch up the Heartbleed vulnerability, Sucuri said in a blog.
"If you are not patched, be aware that people are out there trying to test and exploit this vulnerability," said Sucuri Chief Technology Officer Daniel Cid in the blog. "Get your server patched as quickly as possible."
To protect themselves from Heartbleed fallout, security experts urge users to change the passwords for their online accounts for services that have been secured from the bug. Users can check if a service is safe by going to this website and typing in the address for the website they want to check.