We have had several requests come in recently now that news of Heartbleed, the common name for CVE-2014-0160, has been garnering widespread attention. Such concerns are understandable given reports that several popular legal websites allegedly have been affected. For those who are still unfamiliar, Heartbleed is a bug in certain versions of the OpenSSL TLS heartbeat extension which allowed attackers to gain access to critical information on servers, including usernames and passwords. Affected versions are OpenSSL 1.0.1 through 1.0.1f. The bug was introduced to OpenSSL in December 2011, and in the wild since the release of 1.0.1 on March 14, 2012. After the initial disclosure of the bug on April 7, 2014, a fix has already been implemented.

Our users, naturally, want to make sure their sensitive information, including their usernames and passwords, are secure. Rest assured, after news of Heartbleed broke, our engineers were on top of things, and promptly updated to the Fixed OpenSSL which is not vulnerable to this bug. They have also rigorously scoured our server logs and have found no signs that any data from our servers were compromised. Rest assured, we have been on top of this since it became public, and your information is as safe as ever.