Mag+ resets passwords, internal credentials for users following Heartbleed revelations
The digital publishing platform Mag+ late this afternoon sent a note to users concerning the Heartbleed issue.
The Heartbleed bug is a vulnerability in the OpenSSL cryptographic software library. This bug allows the stealing of information normally protected by the SSL/TLS encryption used to secure the Internet.
Mag+ outlined its actions due to the news:
“The security and availability of your data is of critical importance to us. As a result, this is what we’ve done to protect your data:
Mag+ uses the Heroku cloud application platform for our products. This platform was patched as of Tuesday April 8 at 01:08 UTC to address the Heartbleed vulnerability.
- We have re-issued all SSL certificates to ensure they are safe from Heartbleed.
- We have reset all internal credentials and passwords.
- We will soon be revoking all active sessions, requiring all users to sign in again.
While we have no indication that any data has been stolen as a result of Heartbleed, like all sites we are strongly recommending that you change the password for your Mag+ Publish portal account.”
Mag+ has added a support page on the Heartbleed OpenSSL Vulberability.