Heartbleed, what is it?
Heartbleed is a security vulnerability that researchers discovered in recent versions of OpenSSL, which is a technology used to transmit encrypted communications to safeguard transactions on the web.The Heartbleed bug allows attackers to read the memory of the systems protected by the vulnerable versions of the OpenSSL software, namely versions 1.0.1 through 1.0.1f.
How does it affect you?
This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content, allowing attackers to steal data directly from the services and users.
How did we protect against it?
In order to protect Hushmail against this vulnerability, we replaced all our SSL keys and certificates after patching the vulnerable OpenSSL service for each of the services that are using the OpenSSL library. In other words, Hushmail is now fully protected against this vulnerability. As a result of these security measures, you might have been requested to log back in to your account.
Should I change my passphrase?
Even though our servers are not vulnerable to Heartbleed anymore, our best practice suggestion is that users change their passphrases as a precaution against it. Anyway, we always recommend changing your passphrase periodically.
Need more info on Heartbleed?
Learn more about this bug at heartbleed.com