Security Update: Heartbleed OpenSSL vulnerability
UPDATE: 2014-04-16 We have confirmed that, by April 15th 8:38, all of the old certificates had been added to the Certificate Revocation List (CRL) provided by the certificate issuer.
On April 7th, a critical vulnerability in the widely used cryptography library OpenSSL was reported.
This vulnerability, known as Heartbleed, allows an attacker to steal private information stored on our services from the outside.
What we’re doing about the issue
Soon after we noticed the issue, we started protecting our services and the websites we maintain.
As of April 8th 14:00 (UTC), we’ve completed patching the affected versions of OpenSSL on all of our servers. We have also confirmed that the affected load balancer provided by Amazon Web Services, which we use in some of our services, was fixed on April 9th 0:00 (UTC). For AWS’s update on this issue, see here.
So far, we’ve not detected any attacks against our services. However, it is known that the nature of this vulnerability makes any detection difficult. Therefore, we decided to update the SSL certificates used in all of our services and completed this on April 9th 4:00 (UTC). Old certificates will be revoked by certificate issuers.
In addition, we plan to reset all auto-login information created before April 9th on each of our services. Some of you may have to sign in to our services again.
Although we have taken the necessary measures and confirmed, using the SSL Server Test and some other tools, that we are no longer under threat, we will continue to monitor our services closely during this time.
What you can do about it
To keep your information secure, we strongly recommend that you update your password on our services.
- How to change password on Backlog
- Password setting on Cacoo
- Password setting on Typetalk (Nulab Account)
If you’re using any of our services’ APIs, re-issue the credentials for your applications.
If you’d like to know more details about what we have done on each of our services, access the following inquiry forms or user forum and drop us your questions there.