Security researcher Robert Graham of Errata Security notes that 309,197 servers are still at risk, though it has gone down from the 600,000 systems found when Heartbleed was first announced in April.
“This indicates people have stopped even trying to patch. We should see a slow decrease over the next decade as older systems are slowly replaced,” wrote Graham via blog post. “Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.”
Additionally, Graham also stated that he will continue to scan on port 443 next month, again in six months, and then yearly to “track the progress” of the amount of vulnerable websites.
Researchers with Google and security firm Codenomicon first discovered the Heartbleed bug in the OpenSSL software, a free encryption tool used by two-thirds of Internet servers, in early April.
The vulnerability allows hackers to easily access sensitive information such as passwords, Social Security numbers, healthcare data, bank information, and credit cards.
By the end of April, the top 1,000 sites in the world have responded to the bug and secured their sites.