As you are likely aware from the tremendous amount of media coverage that it received, a new vulnerability commonly known as Heartbleed rocked the internet last week. This vulnerability affected the widely used OpenSSL cryptography library.
As soon as CloudLock was made aware of the issue, we took steps to respond:
- We updated all our systems to use a version of OpenSSL that has been patched against the bug
- We engaged our providers as they upgraded their systems as well, ensuring that all points of contact with the data we manage was secure
- We generated new SSL keys, updated all of our certificates, and reset all impacted internal credentials, just to be safe
We have no indication at this time suggesting that this issue has been used to target any data used by CloudLock, and no action is required from any of our customers.
CloudLock takes security seriously, and we will continue to monitor this situation over the coming weeks, and provide updates as appropriate. If you have any questions or concerns, please don’t hesitate to contact us directly.