If you have been following technology news, you will have heard about the Heartbleed SSL Bug. It was an exploitable piece of code buried in the OpenSSL library that many websites (including some mb/i websites) used to establish secure connections like the ones you have when accessing Facebook, or your bank’s website.
Was my website affected?
If mb/i is your hosting provider and your site was vulnerable, you will have received an email from us during the week of April 14. Since the discovery of the Hearbleed bug was announced on Monday, April 7, mb/i has ensured that all the servers that we use have been further strengthened against this exploit.
If you are unsure if mb/i is your hosting provider, please feel free to contact us.
How does Heartbleed work?
The most concise explanation can be found in Randall Munroe’s comic, XKCD.
What steps should I take?
First, confirm that the error has been patched. Then, change your passwords.
The order in which you execute these steps is important. If an online service has not yet been patched, hackers could be watching right now – and will be able to see your new password as you first enter it.
Even though most mb/i sites were not affected by the Heartbleed SSL bug, it is a good idea to periodically update your passwords, and this is as good a time as any.
If you stored financial information in a compromised account, you may also wish to sign up for a credit monitoring service.
Who else was affected?
The Open SSL library is used by a broad range of website developers in order to add an extra level of security. It is suspected that as many as 2/3rds of the sites that use Open SSL were affected by the Heartbleed bug.
Some of them are very high profile – prompting Mashable to create a ‘hit list’ of passwords that should be updated right now.
If you have further questions about the Heartbleed bug and how it might have impacted your mb/i website, please do not hesitate to contact firstname.lastname@example.org.