On 14th October, a serious design flaw in SSLv3, cryptographic protocol to provide secure communication over the Internet, was reported.
This vulnerability, known as POODLE, allows an attacker to steal private information stored on our services from the outside.
What We’re Doing for This Issue
As soon as we were aware of this issue, we began protecting our services and websites immediately.
As of Oct 15th 03:00 (UTC), we’ve completed disabling SSLv3 on all of our servers which are providing access via HTTPS. According to CVE-2014-3566 Advisory, we’ve also disabled SSLv3 on all load balancers and Amazon CloudFront distributions provided by AWS on Oct 15th 09:00.
We will keep on updating our security system to ensure maximum safety on our services.