so_logo.png

Security Update Performed to Address OpenSSL Vulnerability

We understand that your information is your livelihood and it must be kept secure.

We maintain a strict privacy policy and contact data sent to us via our web service interface is never recorded to persistent memory. All our sensitive data is encrypted and our redundant infrastructure ensures the highest levels of service availability.

Our engineering team has been working to assess the impact for our users in the wake of the April 7th disclosure of CVE-2014-0160, known as Heartbleed.

We join nearly every Internet service provider in responding to this critical vulnerability in SSL. Our obligation as a custodian of your data compels a unique urgency with disclosures such as these – here’s what we know, what you need to do and where you can find additional help from us.

Service Objects audit results

HeartbleedWe have reviewed all Service Objects Web Services for impact for the issue described in CVE-2014-0160.

We have determined that our web services were unaffected and do not require customer action.

The Service Objects website and Service Objects account portal was discovered to be vulnerable and was patched at 8:30 AM PDT on April 9, 2014. After our review of the account activity there is no evidence that any Service Objects user accounts were compromised.

How to determine if your application is affected by Heartbleed

While Service Objects Web Services appear to be unaffected, we recognize a number of you may be using hosting providers or OpenSSL deployments that may be. Here is a quick walkthrough of how to determine if your application is affected.

Still have questions?

We hope this answers your questions about the impact of CVE-2014-0160 on your Service Objects applications. Feel free to reply this post by reaching out to Customer Support with follow up questions.

We’ll continue to monitor this issue as the community and vendors investigate this vulnerability further.