Our Response to the Heartbleed Vulnerability
Over the past several days, you’ve probably begun to become inundated with notices from websites about the ‘Heartbleed‘ vulnerability. If you’re not familiar with it, Heartbleed is a serious vulnerability in the encryption software used by a large portion of the Internet.
The vulnerability enables an attacker to potentially steal information normally protected by the SSL encryption on websites. This means that even with the padlock icon in your address bar, your passwords and other information may not have been secure.
Apptentive has been secured against the Heartbleed vulnerability.
Our number one priority is the privacy and security of our customers’ and their customers’ information. We take this responsibility extremely seriously. While we have no evidence that any information has been compromised, we concluded that we should require all of our customers to reset their passwords. All of our customers have been notified.
As a service provider and as a citizen of the Internet, this vulnerability is especially frustrating since it strikes at the heart of the trust and confidence we have for what it means for a website to be secure. It reminds us that nothing is absolutely certain, and we must always remain vigilant about protecting our data from theft and malicious use.
Every one of us at Apptentive is in the process of resetting our personal passwords on sites affected by Heartbleed (which, unfortunately, is almost all of them). We recommend that you do the same, and remind you that you must wait to reset your password until a website indicates that they have secured themselves.
Here are some additional resources that we’ve found valuable for learning more about the Heartbleed vulnerability:
P.S. For system status and other Apptentive updates follow @Apptentive_Ops on twitter.