As you may have heard, a major security vulnerability; dubbed "Heartbleed," was recently discovered in OpenSSL.
OpenSSL enables SSL and TLS encryption, which governs HTTPS—the secure communications between your computer and the servers on the Internet. It is used by about 2/3 of the web servers in the world. This vulnerability was the result of a programming error (or bug) in several versions of OpenSSL.
Due to the scope of this vulnerability, out of an abundance of caution, we are recommending an email password change for all users as soon as possible.
At its worst, Heartbleed allowed potential access to a private key for an SSL certificate as well as the encrypted communication itself.
This basically means that any individual with the knowledge and skills required to exploit this vulnerability, had a window to grab your user names, passwords and any private information you may have accessed with practically any of your online services that utilize the affected versions of the OpenSSL toolkit.
Upon learning of this exploit, our email engineers took immediate action. After a full system audit, we concluded that no public-facing web servers were exposed. We did, however, find a single SMTP end-point which was intermittently vulnerable. We immediately removed this server from rotation, applied the proper updates and proceeded to insulate all remaining servers from potential exploit.
We are confident that these actions eliminate any further vulnerability associated with your email and Heartbleed.
At this time we have no reason to believe any sensitive user information was accessed, however, out of an abundance of caution we recommend that all end users change their email passwords at their earliest convenience.
If you cannot update your passwords, please email us and we will be glad to assist you. And remember, it is unsafe to use the same username & passwords across multiple online services.
This exploit, as outlined above, was something that was beyond our control and had to do with the systems in place on the web and not with CyberSpyder, Inc.
Again, out of an abundance of caution due to the sheer scope of this issue, we are recommending a password change for all users as soon as possible.