As widely reported, an exploit known as OpenSSL HeartBleed CVE has affected many Internet systems by creating a vulnerability that could allow attackers access to personal data.
At Burst SMS, we have investigated if and how this issue was affecting our service and our customers, and concluded that there was minimal risk to our customers.
As a precautionary measure since then, we have:
- Updated our OpenSSL libraries to use the latest vulnerability-free versions
- Validated changes through vulnerability assessment tools
- Changed our critical passwords
- Initiated renewal of potentially affected SSL certificates with new private keys
- Ensured our vendors have updated their services to mitigate the vulnerability
We uncovered no evidence suggesting that any data or credentials were compromised, and throughout this time, we have maintained service levels and normal operations.
As standard practice for any web application we recommend regular updating of your password.