As many of you have probably heard a serious security issue (dubbed the “heartbleed bug”) was found in the OpenSSL library yesterday. This is a very serious issue as this library is used to encrypt a large percentage of the Internet’s traffic, including web and email.
The security issue could allow anybody to access parts of the encrypted traffic as well as the secret keys used to encrypt that traffic.
What we have done
As soon as we were made aware of the issue we started updating the OpenSSL version used by our various systems and we replaced the SSL certificates that we were using.
As of now all of our systems have been patched and all of our SSL certificates have been replaced.
What you should do
We are not aware of any data having been compromised but there is a possibility that some may have been so as a precaution we recommend making the following changes:
- If you are using SSL certificates for your sites there is a risk that your certificates have been compromised. So we recommend that you ask your certificate provider to re-issue your certificates and then open a ticket for us to replace your certificates with the new ones.
- Once you have replaced your SSL certificate, you should consider that the data secured by your old SSL certificates may have been compromised. Change any passwords or other credentials that were encrypted by your old SSL certificates.
- We recommend that you change your WebFaction control panel password. Although the WebFaction control panel wasn’t vulnerable (it uses a different version of the OpenSSL library) the SSL certificate that it uses may have been compromised because it was also used by other sites which were vulnerable. So there is a small possibility that some control panel passwords may have been compromised.
- If you’re using phpMyAdmin or phpPgAdmin on our servers you should change these passwords.
- If you are using our email services we recommend that you change your email passwords.
You can find more information about the heartbleed bug at http://heartbleed.com
If you have any questions regarding this issue just open a support ticket and our team will reply to you asap.