OpenSSL HeartBleed vulnerability response

Jason (CEO, Checkfront)
edited April 2014 in News and Updates
On April 7, the OpenSSL Project released an update to address a vulnerability, CVE-2014-0160, nicknamed “Heartbleed”. OpenSSL is used throughout the majority of the Internet to secure SSL applications, including encrypted web pages (https://).

As soon as our engineering team was made aware of this vulnerability, we joined nearly every service provider on the Internet in protecting our services. By 6:50 PST on April 7th we had upgraded all of our systems to the latest version of OpenSSL, regenerated internal encryption keys and conducted a comprehensive security review in response.

There is no evidence that any services on Checkfront were breached, and subsequent audits found no unusual activity on any of our systems. However, due to the nature of the vulnerability and its widespread impact on the Internet, we recommend our customers reset their passwords to ensure the security of their Checkfront account. You can reset your password by logging into your account and clicking on Account / Profile / Change Password in the sidebar. Additionally, if you are using the Checkfront API from an outside host, we recommend you reset those tokens as a precaution.

Please note resetting your password will also reset your mobile login and iCal / RSS feed tokens if used.

As our booking plugins don't store or pass security credentials from your website to the booking page, there is no additional exposure from your own website. However, you'll want to check with your hosting provider and ensure they've taken the needed steps to secure your site. You can use the Heartbleed testing tool to validate additional services you use here: http://filippo.io/Heartbleed

For more information on Heartbleed please see: http://heartbleed.com/

You'll likely hear more about this vulnerability from additional service providers in the coming days. We'll continue to monitor this and update you as needed. Please contact support (support@checkfront.com) if you have questions.

You can also review our security and PCI policies here: http://www.checkfront.com/security

-Jason