Wednesday 9 April 2014

Heartbleed OpenSSL vulnerability

Like many sites, some of our servers were vulnerable to this critical vulnerability in OpenSSL, which provides SSL encryption that you would normally expect to keep data safe!

All servers were patched within a few hours of the announcement, and as a precautionary measure, we have revoked and reissued all our SSL keys and certificates, ensuring that any private keys are now useless.

In addition, we only process payments through Paypal, so we do not hold any sensitive financial information.

Because so many sites were exposed to this vulnerability (some estimates say about two thirds of the internet!), we recommend that you change your passwords on all services that you use, including ours.