A report found that more than 300,000 web servers continue to use the flawed version of OpenSSL.
In April, the internet went into an uproar over the Heartbleed vulnerability, a flaw in OpenSSL that called into question the security of countless websites. For a couple of weeks at least, awareness of the vulnerability was extremely high, with numerous web publications keeping a running tally of the sites affected by the Heartbleed flaw and instructing web users on where and how to change their passwords so that personal information would not fall into the wrong hands.
Two months later, though, awareness of and worry over the Heartbleed problem seem to have fallen almost to zero. The natural explanation for the radio silence would be that the vulnerability had been thoroughly patched. According to a report on Phys.org, however, that simply is not the case. On the contrary, the report found that more than 300,000 web servers continue to run the flawed version of OpenSSL, and therefore remain vulnerable to Heartbleed.
The Phys.org report was based on a blog post by web security researcher Robert Graham, who said there were about 600,000 vulnerable servers when Heartbleed was first publicized in April. Since then, roughly half of those servers have been patched, but the other half remain unpatched and exposed. Graham gathered this data by having simply “scanned on port 443”: 443 is the standard TCP port for HTTPS, so a scan of it reaches each server's TLS implementation, which on a large share of servers is the OpenSSL library that contains the Heartbleed flaw.
In Graham’s estimation, the statistics show that webmasters have simply stopped trying to patch their systems, leaving their customers exposed to attack. He also expects that many of these systems will still be vulnerable a decade from now, leaving security holes scattered across the internet. Graham said he would run another scan in July, another at the six-month mark, and then one a year, to keep tabs on how widespread the Heartbleed problem remains.