A critical vulnerability called the Heartbleed Vulnerability was recently reported by the media that can affect certain commonly used versions of the OpenSSL library by allowing attackers to read memory information from servers running these affected versions of OpenSSL.
As part of its continuous and regular monitoring of its systems, and upon discovery of this potential vulnerability, the ACTIVE Network Security and Information Technology teams promptly worked to identify any systems or services running potentially at risk versions of OpenSSL and determined that nearly all of its infrastructure was either running on non-vulnerable versions of OpenSSL or utilizing unaffected SSL mechanisms. The few additional servers running a limited set of marketing services was immediately identified and patched. As an added best practices precaution, ACTIVE Network also initiated replacement of its SSL certificates for all platforms and systems.
Although the ACTIVE Network’s Security and Information Technology teams have found no evidence of compromised user data, it is highly recommended, as reported in the media, that users promptly take measures to change all passwords for online and Internet based accounts and, in doing so, ensure that best practices for developing passwords, such as not using the same password for multiple accounts, are followed.
ACTIVE Network takes the security of your data very seriously. As new information relating to the Heartbleed vulnerability continues to be released through further investigation, our teams will be monitoring and reacting accordingly.