Details on a major internet security vulnerability, referred to as the OpenSSL Heartbleed bug, were announced earlier this week. This bug exists in the OpenSSL library that is used by many websites to encrypt and secure the information transferred from a website user’s browser to the website’s servers. You can find a wealth of updated and detailed information on the issue at http://heartbleed.com.
We have taken a full inventory of all hosting environments, servers and online tools we use and have found no impacting exposure to this security bug. All websites we host are safe. Fortunately, the large majority of the servers and infrastructure used by One North are on Windows software which does not use the OpenSSL library.
However, because OpenSSL is used in some way on a majority of the websites we all visit every day, many experts recommend that individuals change all passwords, especially if those individuals tend to reuse the same password across multiple sites. If one login credential was exposed, it provides a way into the others – even those not initially affected by the Heartbleed bug.
As this is a developing issue, we will update this post with any additional information. But for now, we want to reiterate what many leading companies are recommending, which is to change all of your passwords.