OpenSSL Heartbleed Security Vulnerability

4/10/2014 0 Comments

On Monday, the OpenSSL project released an update to address a serious security vulnerability nicknamed "Heartbleed". This vulnerability impacts the encryption used for internet communications and could allow access to decrypted HTTPS traffic. Like many service providers, once CircuitHub became aware of Heartbleed we moved to address and evaluate the impact of this vulnerability. We know that our users share our concern for security and privacy, so we want you to be aware of the specifics of Heartbleed vulnerability as it relates to CircuitHub.

At no point was CircuitHub using the affected versions of OpenSSL, so the Heartbleed exploit does not apply. As a precaution we have replaced our private key and SSL certificate.

CircuitHub does not store passwords, instead relying on Dropbox for authentication. Unfortunately Dropbox was affected by Heartbleed, so we recommend rotating your Dropbox password.