By now you’ve likely heard about the vulnerability in the OpenSSL cryptographic library known as Heartbleed. Heartbleed exposed a potential security threat to an extremely large number of websites, including CalendarWiz, Yahoo, Facebook, Google, Pinterest, Instagram, Tumblr, Minecraft, TurboTax, and many others.
We wanted to communicate how CalendarWiz has handled this situation.
First, there are no indications that CalendarWiz has been attacked. However, we do understand that the nature of the vulnerability makes an attack difficult, if not impossible, to detect. We’ve completed the process of patching our servers and re-keying our SSL certificates. That said, I’ve decided against forcing password resets for our users, but recommend doing so as a precaution.
CalendarWiz has taken the following steps to protect you from Heartbleed:
- Patched all servers running the vulnerable version of OpenSSL.
- Installed (rekeyed) new SSL certificates based on new private keys.
- Revoked old SSL certificates.
- Removed active sessions.
- Requested that you change your password.
Please keep in mind the bleeding doesn’t stop with CalendarWiz. The web applications listed here were also affected.
Thanks for your patience. We hope our frenzy to update hasn’t impacted your calendar usage or availability. We’ll update with pertinent information if and when it becomes available. Contact us at firstname.lastname@example.org if you’re curious about something we missed in this post.
Director of Product Development