NovoEd’s Response to the Heartbleed Bug
The Heartbleed Bug, caused by a vulnerability in the common OpenSSL cryptographic software library, has impacted more than two-thirds of the internet, including sites like Google and Yahoo. We value your privacy and take security extremely seriously, so we’ve taken multiple steps to ensure that your account remains secure.
Although NovoEd’s software itself was not impacted, NovoEd leverages a number of third-party tools, including payment tools, transactional email services, and elastic load balancers that relied on this security encryption to protect your information. We have confirmed with each of the affected services that they have patched their servers and are no longer vulnerable. As a result, there is no threat of future snooping.
We do not believe there were any attacks on NovoEd during the vulnerable period, but we are taking a number of precautions just in case. We have replaced all of our SSL certificates and keys to ensure your account is safe.
We strongly recommend all NovoEd users change their password. (This is best practice on all sites across the web, in fact.) This evening (Saturday, April 12), we will be logging out all of our users and sending a reminder to change passwords.
As a reminder, NovoEd does not store any credit card or payment information on our servers. Our internal servers are behind a secure firewall, and all passwords are encrypted (salted and hashed).
We’re very sorry that this happened, but rest assured, NovoEd is always taking steps to ensure the security of your account. If you have any questions, do not hesitate to contact us.