On Monday this week, security researchers released details of a security vulnerability in the OpenSSL library which potentially allows an attacker to read information from a client's or server's memory (CVE-2014-0160: http://www.openssl.org/news/vulnerabilities.html).
The vulnerability has been fixed in OpenSSL v1.0.1g.
Like most other companies on the Internet, we also use the OpenSSL library in our environments and unfortunately were affected by this bug.
Due to the nature of this vulnerability, there is no way to know with 100% certainty whether you were affected by this issue.
Because of this, we highly recommend changing your passwords within your WebsiteAlive accounts (and any other online passwords you use on other sites for that matter).
We’ve already upgraded all necessary services on our front end and back end that use the OpenSSL library, so the security hole is closed.
Specifically, we’ve updated our internal software services such as HTTP/VPN, and we are keeping a record to track the progress of updates from the other third-party SaaS services that we use, such as Amazon AWS, SendGrid, and Braintree. We’ve also reissued all SSL certificates in order to protect our customers from possible consequences of this vulnerability.
If you have any questions or need additional details, feel free to contact us at firstname.lastname@example.org.