With the news over the last month that there has been a long-running security flaw in OpenSSL encryption technology which may have affected 2/3 of the world’s web servers, we wanted to reassure all our clients and let you know that this issue does not impact on the security of your Magnetise products and services, nor the data we collect for you through our lead generation technologies and products.
All our services run on the Amazon AWS infrastructure, meaning that we could rely on Amazon to quickly address any issues that arise, as they have done with the Heartbleed bug. The company issued a statement which you can read here to confirm it has already mitigated the issue meaning that individual action is not required.
Other steps we have taken include:
Patching any affected services within 24 hours of the issue coming to lightUpdating all secure certificatesUpdating all server access keysRotated our SSL certificates as per Amazon’s advice
Unlike the majority of companies affected by this issue however, the potential vulnerability in Magnetise's technology was fleeting. We only started using the affected portion of Amazon's services in late March 2014, meaning we can be sure that there can have been no data theft or leakage prior to this point. The length of time between OpenSSL being affected and the industry becoming aware of the problem is considered by security experts to have increased the risk of exposure. We are therefore confident that our systems were and remain secure and as such we do not require our clients to change any log-in data unless the same passwords are also being used across affected services.
Of course, an issue of this breadth means that many of us may be affected by the problem outside of the workplace in our roles as digital consumers too. Websites such as Mashable have published lists of those sites and services that may be particularly vulnerable so you can double check whether your favourite sites and networks on the list and what you need to do. There are also services such as have I been pwned and Should I Change My Password that Forbes recommends people can use to check vulnerability. There is conflicting advice in the media about whether to change passwords immediately or once the security flaw has been fixed, so we would recommend contacting at-risk websites to check their specific advice on the matter.
In this digital era we all need to be vigilant about both privacy and risk – despite the industry’s best efforts, vulnerabilities such as Heartbleed will occasionally happen. Ensuring our technologies, policies and procedures are strong, working closely with our partners and driving both security and data excellence through all we do has always been our modus operandi and we will continue forwards in this vein.
To finish on a light-hearted note, take a look at this spoof video that shows you everything you definitely should not be doing in response to the Heartbleed bug!