Several days ago, a vulnerability was announced in the software that powers encryption across most of the Internet (OpenSSL). Named “Heartbleed”, the vulnerability can allow data that is normally secure and protected under SSL to become compromised. You can read more about the issue here: http://heartbleed.com.
The Heartbleed vulnerability affected the vast majority of the sites most of us use every day – Google, Amazon, Dropbox, Facebook, Yahoo! etc. GetFeedback was also affected because we use OpenSSL through our platform provider, the Salesforce1 Heroku Platform and underlying services provided by Amazon Web Services.
How does this affect GetFeedback users?
We immediately took action to ensure our systems were patched and your data is safe. Earlier this week, the Salesforce1 Heroku Platform and Amazon Web Services, had also completed patching all of their associated infrastructure.
We have been working hard to address this issue over the past few days and are happy to report that we have found no evidence that GetFeedback has been compromised in an way. In addition, we have upgraded our security infrastructure and GetFeedback is no longer vulnerable to Heartbleed. We have also re-issued a new SSL certificate to ensure that all data is safe moving forward.
Recommendations for your security
We are extremely confident that your GetFeedback account is safe, however, because Heartbleed affected so many services you probably use every day, and also given the severity of this issue, we do recommend that you update your GetFeedback password as a precaution. You can change your password in your GetFeedback Account Settings.
If you have any questions, please contact us at anytime by emailing firstname.lastname@example.org
Gopal and the GetFeedback Team