We are still running checks on all our systems to determine potential impact from theHeartbleed bug discovered on April 8, 2014. The good news is that our reviews show that most Infernotions customers should be unaffected. That means that usernames, passwords and other information provided during startup and login should not have been exposed by Heartbleed.
What we did to contain the risk
The one group of customers who have been at risk are those who use our public portal at https://social.polytab.com . As a precaution we took the following steps to address the vulnerability.
- Patch: Servers were taken offline right away and the SSL software was upgraded. The patch was in by 9:00am PT on Thursday April 9, 2014.
- Certificate update: Security certificate was changed.
- Password reset: Passwords were reset for all users on their respective accounts.
The last step in the issue resolution is for the end-user to change his/her password. The next time you sign in, you will not be able to proceed to the dashboard and the reporting platform until the password is changed.
For those customers who access their IP restricted accounts at secure.polytab.com,you have not been affected. However, as a security precaution we followed through with the aforementioned steps as part of due diligence.
Were you exposed
The Heartbleed bug means that the vulnerability existed in the server, but it does not mean that a hacker actually exploited the vulnerability. Even for the servers that were vulnerable, the likelihood that information was exposed is small. Since there is no way for us to know whether or not it has been exploited, we are being cautious and followed through with best practices.
We are continuing to research every aspect of our user-facing systems to understand the full impact. I will post updates with more information if and as required. In case of any questions, please do not hesitate to email me.