Customer.io’s Response to Heartbleed
Most of the internet was reacting this week to an exploit called Heartbleed.
On Tuesday, we closed the primary vector of attack and tweeted about it.
We've upgraded OpenSSL to address the Heartbleed bug. http://t.co/gOdC9RkUTn . One exception is Amazon's ELB which they are working on.
— Customer IO (@CustomerIO) April 8, 2014
We have received a few questions since then and want to talk more broadly about how we’ve addressed the Heartbleed bug.
What we did to secure your data
- We immediately upgraded OpenSSL on all servers in our control
- We use Amazon’s Elastic Load Balancer (ELB) service. They fixed Heartbleed on their services.
- There is no evidence anyone had compromised our certificates, but just in case, we have reissued SSL certificates from our certificate authority to ensure that all data in the future is properly secured.
What can you do to help?
The next thing you do should be to log out and log back in. We wanted to expire cookies, but learned that could have unintended consequences.
Thanks so much & best of luck patching all of your services too.