Heartbleed Vulnerability
Heartbleed Questions and Answers
Q: Is my server vulnerable
A: There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. At this time, our servers are not vulnerable, and information is secure.
Q: Has the company replaced its own SSLs
A: Yes, upon the disclosure of the vulnerability, we immediately reached out to our SSL providers and began the process of having all of our internal and external SSLs reissued.
Q: Should I replace my SSLsA: That is a personal choice. If you feel it's worth the time or dealing with sensitive data, then it's a good idea to have your cert reissued. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure. However, if you do decide you would like to reissue, we will be happy to assist.
Q: Was my security or privacy compromised
A: There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure.
Q: Should I change all of my passwords because of the heartbleed exploit
A: Changing your passwords periodically, using strong passwords, and keeping your passwords secure are things that we always recommend. While we can't say for sure what the extent of the potential impact of this heartbleed exploit may be, we always feel that it's a good idea to exercise best practices when it comes to password usage. If you haven't changed your passwords recently (or even if you have), this is a great opportunity to do so while you're thinking about it.
Learn more about the Heartbleed Vulnerability at heartbleed.com.