Earlier this week, security experts detected a significant security problem in some versions of the widely used OpenSSL software. This problem is now commonly referred to as Heartbleed.
At Planio, we took immediate steps to mitigate the risks and to safeguard our services to you. We completed upgrading all of our servers to a new OpenSSL version at 10:30 UTC on April 8, 2014 and we replaced our existing SSL certificates at 19:41 UTC on the same day.
Additionally, we have investigated and audited all of our infrastructure here at Planio and have no evidence that the security of any accounts or services has been compromised.
To further safeguard your account’s integrity and your Planio data, we highly recommend you change your Planio passwords and invalidate your Atom and API access keys.
Change your password
- In your Planio account, navigate to My account at the upper right-hand side of the screen.
- Next to the My account heading, click the Change password link and follow the instructions.
Invalidate your Atom access key
- Still in My account, find the Atom access key heading in the sidebar and click the Reset link below it.
- If you have been using Planio’s Atom feeds in other applications, you will need to resubscribe.
Invalidate your API access key
- Find the API access key heading in the sidebar of your My Account page and click the Reset link below it.
- If you have been using Planio’s API, you will have to note the new API key and replace it in all apps that have been using an API key, like the Planio iPhone App.
As a precautionary measure, we will also end all current user sessions in about 15 minutes, i.e. at 19:30 UTC on April 9, 2014. You will be logged out from Planio automatically and will be able to log in again immediately afterwards.
If you use a custom domain name for Planio (e.g. https://projects.mycompany.com), we recommend replacing your SSL certificate. Please get in touch with us directly by sending an email to firstname.lastname@example.org. If you have a regular https://mycompany.plan.io domain, you do not need to contact us.
Thanks for your attention. Please be assured that your data security is our highest concern and we are taking appropriate steps to ensure it. If you have further questions, please don’t hesitate to get in touch.