Dear Mag+ user,
On Tuesday, April 8th, 2014, news circulated around the internet about an OpenSSL vulnerability called Heartbleed. OpenSSL is an open-source software suite widely used by companies all over the globe to encrypt web communications. The Heartbleed vulnerability makes it possible for third parties to snoop on what was previously thought to be secure, encrypted data passed between a web browser and a server. While it's unclear whether anyone has had data stolen by Heartbleed, it's important for all companies managing public-facing servers utilizing OpenSSL to take action to ensure the integrity of their data.
To learn more about Heartbleed and its wide-reaching impact, read these links:
- The official Heartbleed page located at http://heartbleed.com
- The Verge's "Why Heartbleed is the most dangerous security flaw on the web"
- The Washington Post's "What you need to know about the Heartbleed bug"
What Mag+ has done in response to Heartbleed
The security and availability of your data stored within Mag+ servers is of critical importance to us. As a result, this is what we've done:
- Mag+ uses the Heroku cloud application platform for our products. This platform was patched as of Tuesday April 8th at 01:08 UTC to address the Heartbleed vulnerability. You can read more about Heroku's detailed response to Heartbleed at their Current Status and Incident Report.
- We have re-issued all SSL certificates to ensure they are safe from Heartbleed.
- We have reset all internal credentials and passwords.
- We will soon be revoking all active sessions, requiring all users to sign in again.
What you must do to help protect your data
To be clear: there has been no confirmation anywhere on the internet that data has been stolen as a result of Heartbleed. Still, you should do the following to protect your data stored on Mag+ servers:
- Change the password for your Mag+ Publish portal account, as this may have been exposed through the Heartbleed exploit. Detailed instructions are listed below.
How to change your Mag+ Publish portal password
1. Visit <http://publish.magplus.com> and, if you are logged in, go to the drop-down menu in the upper-right corner of the screen and select "Log out".
For further information
If you have further questions about Heartbleed's impact on Mag+ and your data, you can do the following:
- Post a question on our user forums at http://support.magplus.com/forums/20497291-Community-Questions-Answers
- Submit a support ticket once you have logged in to the Mag+ support site at http://support.magplus.com/forums