As you may already know, security researchers recently identified a major internet-wide vulnerability known as “Heartbleed”. The flaw makes it possible for an attacker to read the memory from servers running older versions of OpenSSL, a tool used to secure websites.
Mavenlink is pleased to report that our core systems containing user data were not vulnerable to this exploit remain secure. We have no reason to believe any customer information was improperly accessed.
Our sales/marketing website (what visitors see when not logged into Mavenlink) and Amazon load balancing servers were running a vulnerable version of OpenSSL and have been promptly secured. We have also reissued all Mavenlink security certificates to further secure the connection between users’ devices and Mavenlink’s servers. Again, we have no indication that any customer information was exposed.
Due to the widespread nature of the OpenSSL bug, Mavenlink encourages users to change their account passwords for all websites containing sensitive data once those sites are known to be secure. This is especially important for users who may use the same password across multiple websites, some of which may still be vulnerable. This article provides a concise summary of how to create secure passwords.
If you have any questions about Mavenlink security, please don’t hesitate to contact our customer support team. We’re available 24/7.