The Washington PostDemocracy Dies in Darkness

61 percent of people who knew about Heartbleed actually did something about it

(Mal Langsdon/Reuters)

The Heartbleed security issue was one of the worst security problems we've seen on the Internet in recent memory — a major flaw in the way that the majority of the Web secured sensitive data.  But after years of reports about security bugs and several months of hearing about major data breaches, the challenge was communicating just how serious it was to consumers.

This time, the warnings seem to have worked, according to a new study from the Pew Research Center's Internet and American Life Project.

In a survey published Wednesday, the research group found that around 60 percent of American adults — and 64 percent of those online — were aware of the problem. Even more surprising, 39 percent of Internet users surveyed were not only aware of the issue but also took the extra steps of protecting their online accounts by either changing their passwords or canceling accounts.

While that may not seem like a particularly high number, just stop and think about how difficult it is to get 39 percent of Americans to do anything. And, according to researchers, the fact that the vast majority of people who'd actually heard about the flaw went ahead and took steps to protect themselves is pretty significant.

"I think it’s a pretty striking number," said Lee Rainie, the center's director, in an e-mailed statement.  "And, to me, even more impressively, it’s 61% of the Internet users who had heard of Heartbleed who changed passwords or deleted accounts. In other words, the majority of Internet users who had heard of the problem took a pretty significant step to address it."

Rainie added that the urgency of the coverage likely prompted people to act quickly to address the issue. "We didn’t ask people how they'd heard about Heartbleed, but I'd guess that it was a combination of media coverage plus chatter in users’ networks via social media and e-mail," he said. "And much of what we were seeing was the basic message, 'This one is really serious and you need to respond.' "

Still, there was room for improvement. The Heartbleed story didn't draw as much attention as other major news stories in the same cycle, the study found, indicating that people probably didn't fully understand what was happening. Only 19 percent of those surveyed said they had heard "a lot" about the flaw, as compared to 46 percent who said the same of tensions between Russia and Ukraine. Overall, the Heartbleed story was about as big a news story as 2013 coverage of negotiations between the U.S. and Iran and the agreement to monitor Iran's nuclear program, the study said.

Despite the widespread flaw, more Americans still said that they feel their online information is "very" or "somewhat secure" than those who don't. And while 29 percent of Americans surveyed said that they think their information was put at risk as a result of Heartbleed, only 6 percent said they think the flaw actually allowed thieves to take their personal information.