Heartbleed security update

Posted: Apr 09, 2014
Share This:

Less than 36 hours ago, we learned about a potential security exploit called “Heartbleed” on some websites that use Linux/Apache and OpenSSL to secure customer information. OpenSSL enables SSL and TLS encryption, which governs HTTPS – the secure communications between your computer and the servers on the Internet. It is used by about 2/3 of the web servers in the world. This vulnerability was the result of a programming error (or bug) in several versions of OpenSSL.

Put simply, we do not use this OpenSSL encryption technology for our applications and consequently were not affected in any way. As a precaution, Scrypt engineers performed a full system audit and concluded that no public-facing web servers were exposed in any way.

Our promotional websites sfaxme.com and scrypt.com are hosted on third party servers that may conceivably have used OpenSSL certificates. We worked with providers to re-issue those certificates to be doubly safe.

Please know that you can continue to use our services without any interruption or security concerns. Our investigation shows no evidence that any user or account credentials have been compromised.

More details about the vulnerability are laid out in The New York Times and there’s a lot more information on the Heartbleed website.