You may have heard some talk recently about the “Heartbleed bug.” That’s the scary-named vulnerability that was just discovered in the software library that protects many sites on the internet – including Buffer.
We wanted to make sure to tell you exactly what we know and what we’ve done about Heartbleed at Buffer to keep your information as safe as possible.
What is Heartbleed?
The Heartbleed bug was just recently discovered on April 7th in OpenSSL, a kind of cryptography software that protects an estimated 66%+ of the entire web. It can allow anyone on the internet to decrypt protected web traffic and potentially uncover names, passwords, and content you send to secure web sites. Although it was just found, the bug has been around for more than two years, which means a lot of sites that we all use every day may have been affected. That’s the gist, but you can learn a lot more about it at the Heartbleed FAQ.
How Buffer has reacted
To fix the vulnerability in Buffer, we have worked with Amazon Web Services to patch the vulnerability and re-keyed all of our SSL certificates. This closed the vulnerability for all Buffer customers. That means for your security, you’ll be logged out of your Buffer account and will need to sign back in. We know this isn’t ideal, and we’re really sorry to add these additional steps to your day.
What you can do to stay safe
Since we’ve made these updates, your data is now safe in Buffer. We would encourage you to change your password for Buffer and any other site that you log in with. (Check first to make sure they’ve fixed the vulnerability, though – otherwise you might have to change it again later. Services like LastPass can help you navigate which sites are vulnerable and when you’re clear to change your password.)
And if you haven’t activated Buffer’s optional 2-step login, now would be a great time to do that. It’s the most secure and safest way to handle your social media accounts.
One final note: Although this security breach affects far more than just Buffer, we’re who you trusted with your data and we take that trust and responsibility very seriously. We’re really sorry this happened.
Got questions about Heartbleed, web vulnerabilities and Buffer? We’re here to help.
If you’re interested in more information about what the Heartbleed vulnerability is and things you can do to protect yourself, here are some great links. Some of these links may be a bit technical; if you have any questions at all about this, just tweet us!