A vulnerability has been discovered in a popular cryptography library, OpenSSL. This flaw is being referred to as the Heartbleed Bug and it even has its own website. This vulnerability was caused by a bug introduced in version 1.0.1 of the software and has since been fixed. But, the repercussions are enormous and you should be seeing updates from many online services that discuss the impact.
How does this affect Admail?
The primary Admail web servers were not vulnerable to this flaw. However, for about six months, our content website used a load balancer for SSL termination that was. Therefore, the chance exists, however small, that the private key used for encrypting traffic has been compromised. We have revoked our old certificate and have re-keyed and issued a new SSL certificate.
Is my data safe?
The nature of the Heartbleed Bug does not allow a wholesale compromise of our services, but could allow snooping on your personal connection to Admail, revealing your login credentials to an attacker. For this reason, we advise updating your password. If you use the same password for other services, you should change it there as well.
While you’re updating passwords, it may be a good idea to invest in a good password manager.