On April 7th, the OpenSSL project has published a Security Advisory detailing a severe zero-day vulnerability in its encryption software, used by a sizable percentage of the internet. The exploit is called “Heartbleed” and it can potentially allow attackers to retrieve sensitive information from any server accepting SSL connections.
We have patched the vulnerability in our service infrastructure and have taken further efforts to mitigate any potential risks.
We have no reason to believe any Captain Up accounts were compromised.
Steps We’ve Taken
Here’s some more details on the actions we took:
– We’ve upgraded our infrastructure to a fixed release of OpenSSL.
– We’ve generated new certifications for all of our SSL endpoints.
– We’ve replaced all the secert keys across our system.
– All user sessions were reset.
– We’re conducting a comprehensive security review of every system that might have been affected.
What You Can Do
We have no indication that the “Heartbleed” exploit was used against our service. However, due to the wide nature of this issue, we highly recommend you to reset your Captain Up password, as well as reset your password in any other service you use that contains sensitive information.
We take your security extremely seriously. If you have any questions or concerns email us at firstname.lastname@example.org