On Wednesday April 9th at 8:10am, the global Heartbleed openssl vulnerability issue was identified by our technical support team through various News and Government reports.
Brief Description of Heartbleed
Basically the Heartbleed bug is a hole in the security of encrypted connections using something called SSL protocol. SSL is the most widely used method of encrypting communication between your computer and a web server. It's often used by online stores and email providers to help encrypt and protect your personal data.
This bug affected servers all over the world.
The problem the Heartbleed bug introduced was that traces or bits of that personal data might be left sitting on the server for hackers to potentially access and download - meaning that your personal data might have been picked up by malicious folks out there.
This bug has been around for over a year now and was only discovered recently by security experts.
If you want more information on the Heartbleed bug, a quick Google search can point in the right direction. The official website can be found at: http://heartbleed.com.
OSM Action Report
Immediately upon identification of the security risk on April 9th, our Server Operations Team began checking all of our servers to see which may have been affected. We found that approximately half of our servers were impacted.
That same morning we patched and rebooted all the affected servers to fix the vulnerability. We also contacted all customers hosted on these servers and advised them to change passwords for their accounts.
Any customers on the affected servers that were using SSL certificates for their own websites also had their SSL certificates reissued and reinstalled by us during the course of the remainder of the day.
Any customers that did not hear from us on April 9th are currently hosted on servers that were not affected by the Heartbleed bug and no further action is required on your part.