By now I’m sure that you’ve all heard about the Heartbleed bug in some form. This is a very severe bug that affects just about everything that you do online that involves SSL. The short explanation is that there was a bug in OpenSSL, which is the piece of software used by most systems on the web to create the encryption keys used to “sign” certificates and other secure transmissions. The bug allows for an attacker to read information stored in memory directly on the server you are communicating with. This means passwords and other critical information could potentially be exposed on unpatched servers.
We have updated our OpenSSL software and recreated our keys, and reissued our SSL certificate for our users site. Our other services are not affected by this since they use a different version of the OpenSSL libraries that were not vulnerable to this bug. While we have no reason to believe that any passwords were compromised since this bug was made public, we strongly recommend that you change your passwords here and elsewhere on the internet for added security. This would be a good time to rethink your password strategy as well if you are still using weak passwords.
For further reading about this, please visit http://heartbleed.com/