Dealing With Heartbleed Bug


By now you’ve likely heard of the Heartbleed Bug in the OpenSSL cryptographic library, which was announced on Monday, April 7th and affected an incredible number of websites and a great deal of internet traffic. While the bug was present in OpenSSL, it was theoretically possible for someone to gain access to a server’s private keys, which are used to secure your connections and prevent theft of information like passwords while they are in transit.

Immediately after the announcement, our hosting provider (Amazon Web Services) started deploying the patch to their Elastic Load Balancers, which handle our SSL termination. Within hours, our instances were patched. Once the ELBs were no longer vulnerable, we got our SSL certificates signed with new keys and re-keyed all of our servers.

Although it is unlikely our traffic was compromised, we strongly recommend that all of our users change their passwords using this form. We also want to use this opportunity to encourage you to use pass phrases instead of words, and to use them with a password manager such as LastPass or KeePass so that you are not reusing the same pass phrases on multiple sites.