What Chimp’s doing to protect your account from the Heartbleed bug

April 11, 2014
Charitable Impact

Keeping your account information secure so that you can give with confidence is our top priority. That’s why when news of the “Heartbleed” security vulnerability broke this week, we took immediate action to fix the issue.

We want you to know that we’ve taken all necessary steps to keep your data protected, and our servers have been updated. We understand that you may have some questions about how this vulnerability might have impacted the security of your Chimp account. In an effort to keep you updated, we’d like to outline what the issue is, how we’ve addressed the vulnerability, and how you can change your password to protect yourself for good measure.

What is the Heartbleed bug and OpenSSL?

The Heartbleed bug is a vulnerability announced this week that affects many sites using OpenSSL. OpenSSL is a software component used by as many as two-thirds of the servers on the Internet to authenticate and encrypt communications so that your information is kept secure.

How does Heartbleed work?

The bug allows an attacker to read small chunks of data at random from a target server’s working memory. Attackers don’t know what information will be in the data or whether it will be useful to them, but they can do it repeatedly in an attempt to uncover sensitive information, such as the server’s private encryption keys. If the encryption keys are obtained, the attacker can then eavesdrop on communications sent to and from the server.
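The class of defect behind this, as an added illustration that is not Chimp's or OpenSSL's code: a handler that echoes back as many bytes as a message claims to carry, rather than as many as actually arrived, returns whatever sits next to the message in memory. The memory layout, function names and the secret string below are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define ARENA_SIZE 64
/* Constructed stand-in for server memory; one array keeps the over-read defined. */
static unsigned char arena[ARENA_SIZE];
/* Store a record (2-byte claimed length + payload) next to a constructed secret. */
size_t setup_arena(const char *payload, unsigned claimed_len) {
    size_t n = strlen(payload);
    memset(arena, 0, sizeof arena);
    arena[0] = (unsigned char)(claimed_len >> 8);
    arena[1] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 2, payload, n);
    memcpy(arena + 2 + n, "SECRET-KEY-MATERIAL", 19);
    return 2 + n; /* bytes that actually arrived */
}

/* Vulnerable pattern: echo back as many bytes as the sender claims. */
size_t echo_vulnerable(size_t received, unsigned char *out, size_t out_cap) {
    size_t claimed = ((size_t)arena[0] << 8) | arena[1];
    (void)received; /* the defect: the real record length is never consulted */
    if (claimed > out_cap || 2 + claimed > ARENA_SIZE) return 0; /* demo guard */
    memcpy(out, arena + 2, claimed);
    return claimed;
}

/* Hardened pattern: drop any record claiming more payload than arrived. */
size_t echo_hardened(size_t received, unsigned char *out, size_t out_cap) {
    if (received < 2) return 0;
    size_t claimed = ((size_t)arena[0] << 8) | arena[1];
    if (claimed > received - 2 || claimed > out_cap) return 0;
    memcpy(out, arena + 2, claimed);
    return claimed;
}

/* Returns 1 if the reply contains bytes of the constructed secret. */
int reply_leaks_secret(const unsigned char *reply, size_t len) {
    for (size_t i = 0; i + 6 <= len; i++)
        if (memcmp(reply + i, "SECRET", 6) == 0) return 1;
    return 0;
}
int main(void) {
    unsigned char out[ARENA_SIZE];
    size_t got = setup_arena("ping", 24); /* 4 bytes sent, 24 claimed */
    size_t n = echo_vulnerable(got, out, sizeof out);
    printf("vulnerable: %zu bytes, leak=%d\n", n, reply_leaks_secret(out, n));
    n = echo_hardened(got, out, sizeof out);
    printf("hardened:   %zu bytes, leak=%d\n", n, reply_leaks_secret(out, n));
    return 0;
}
```

The hardened handler discards the mismatched message without replying, which is why updating the server software closes the leak.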

How does this impact Chimp and what are the risks?

As a website that uses OpenSSL, Chimp was among many websites affected by this vulnerability. We want you to know that the risk to Chimp was very low, and we have no evidence of any compromise of user accounts.

Steps we’ve taken to keep your data safe

As soon as we became aware of this vulnerability, we took immediate steps to address the issue. To protect your data, we updated our servers as of 8:20 a.m. PDT on April 8th, and our SSL certificates have been re-keyed and reissued. These changes have eliminated the Heartbleed vulnerability on our website.

What you can do to protect yourself

We’re confident Chimp is secure, but we believe you can never have too many safeguards. As a precautionary measure, we’re recommending that you change your password on Chimp. You can do so by clicking here.

When you log into your Chimp Account, you’ll be brought to your Account Settings, where you can change your password. Alternatively, you can reset your password via email by clicking “Forgot your password?” on the Log In page.

What about other Internet sites?

Given the widespread nature of this vulnerability, taking time to change your passwords on all sites that may have been affected by this bug is a smart idea. However, we suggest waiting until you’ve received confirmation of a fix from a site before changing your password there. Until then, consider staying away from those sites. It may take them a few days – or longer – to update their servers.

Questions?

Your security and confidence are important to us. If you have any questions or concerns, please don’t hesitate to get in touch – we would be happy to talk with you.

Call us: 1-877-531-0580
Email: [email protected]