Last week, security researchers made public a vulnerability in some versions of OpenSSL, named it “Heartbleed” and gave it a logo. Never before has the general public become so aware of an internet security exploit. OpenSSL is an implementation of some secure internet protocols (rules) that take care of the encryption of sensitive data such as passwords and billing information. The reason that Heartbleed captured imaginations the way it did, is that OpenSSL is the implementation used in about 66% of secure internet sites.
At Yola, we do use OpenSSL across our infrastructure to keep sensitive data private, but we were lucky to be largely unaffected by Heartbleed. This is due to the fact that all the servers responsible for handling passwords and credit card information were running an unaffected version of OpenSSL. As such, we do not even have to suggest changing passwords as an added precaution – we can say with confidence that Yola users were not compromised.
We have taken, and will continue to take, added precautions such as cycling SSL certificates on servers that were running the affected library.
Lisa Retief
VP of Engineering