On Monday a serious vulnerability was reported in OpenSSL across the web. The vulnerability – coined Heartbleed - allows data to be stolen from websites that are typically secured by SSL/TLS encryption.
OpenSSL is used by roughly two-thirds of all websites on the internet, so the situation is critical for internet users to be aware of. The vulnerability can reveal the contents of a server’s memory – including usernames, passwords, and credit card numbers.
Let’s dig deeper to see how this affects you.
How does it affect Abine’s users?
We patched our servers right after the bug was announced. In addition, we have revoked and replaced all of our SSL certificates. In other words, we move as fast as we possibly could to secure all user data, and your information is safe with us.
Your MaskMe data was never exposed.
MaskMe Data is encrypted locally on your computer, and we only receive an already-encrypted data blob. Abine never has the ability to decrypt your MaskMe data – none of that information was exposed by this vulnerability. In addition, key data like Masked Card numbers are not stored on our servers.
Change all your important passwords.
Despite resolving the issue on Abine.com, we recommend you change your password for DoNotTrackMe and DeleteMe as an added precaution. This vulnerability, discovered by security researchers, appeared to be unknown to anybody before they discovered it and worked to find a solution. However, we can’t be sure that some bad guys didn’t know about it before. That’s why we recommend changing all of your important passwords (but not before you ensure the website has secured itself).
If you are unsure of whether or not OpenSSL was present on a website, reach out to them and ask. If a website uses OpenSSL but hasn’t patched its servers yet, you should not log in nor change your password yet. That website is still unsafe.
If you have any questions, feel free to use Abine as a resource for help. You can reach out to us at support at abine dot com.