A Note About the Recent “Heartbleed” Vulnerability

Recently, a serious bug was uncovered in an open source library responsible for securing communications on the Internet. This vulnerability is colloquially referred to as “Heartbleed” and you’ve probably been hearing about it from various services you use online.

A deeper explanation of the implications and technicalities behind this can be found at heartbleed.com.

CUSTOMERS USING LITMUS WERE NOT AFFECTED.

As soon as we heard about the issue, our engineering team began checking our public-facing systems and discovered that the load balancers for litmus.com were not using the version of OpenSSL affected by Heartbleed.

However, we discovered that some of our internal systems, which use the Amazon Elastic Load Balancer service, may have been compromised. These systems are on separate internal domains, with different SSL certificates and keys.

As a precaution, we re-keyed and re-issued all our SSL certificates, including the unaffected litmus.com certificate. This was completed as soon as Amazon patched the vulnerability, so that the new keys would not be leaked.

We advise customers to change their Litmus password if they have used the same password on any other service or site that may have been affected.

Have any questions?

If you have any questions about this, please do not hesitate to reach out to us at hello@litmus.com.