April 10, 2014 Last Updated 4:53 pm

Mag+ resets passwords, internal credentials for users following Heartbleed revelations

The digital publishing platform Mag+ late this afternoon sent a note to users concerning the Heartbleed issue.

The Heartbleed bug is a vulnerability in the OpenSSL cryptographic software library. This bug allows the stealing of information normally protected by the SSL/TLS encryption used to secure the Internet.

Mag+ outlined its actions due to the news:

“The security and availability of your data is of critical importance to us. As a result, this is what we’ve done to protect your data:

Mag+ uses the Heroku cloud application platform for our products. This platform was patched as of Tuesday April 8 at 01:08 UTC to address the Heartbleed vulnerability.

  • We have re-issued all SSL certificates to ensure they are safe from Heartbleed.
  • We have reset all internal credentials and passwords.
  • We will soon be revoking all active sessions, requiring all users to sign in again.

While we have no indication that any data has been stolen as a result of Heartbleed, like all sites we are strongly recommending that you change the password for your Mag+ Publish portal account.”

Mag+ has added a support page on the Heartbleed OpenSSL Vulberability.