This week a security vulnerability termed ‘Heartbleed’ that exists in a piece of open source software called OpenSSL was identified.
OpenSSL is one of the most popular tools used to secure some of the internet’s traffic. It’s an encryption technology designed to protect sensitive data on the internet like user names and passwords, and is commonly used on websites, applications and services running on the internet.
The vulnerability means that encrypted data may be accessible by remote attackers when sent across the internet.
What have we done to protect our customers?
Security is paramount to us, so as soon as the vulnerability details were revealed we carried out audits to identify any issues posed by Heartbleed. Where there was any potential risk we have mitigated as appropriate with the relevant security components. As an additional measure we are also applying new security certificates as a precaution.
What do we advise as best practice?
We have no indication that Sage has been a target of such an attack, but we recommend that customers follow security best practice and regularly change their passwords to reduce the risks that any vulnerability such as this may cause. This applies to any of the sites you use online and not just Sage.