1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

OpenSSL vulnerability security response

The engineering team at Blinksale has worked to assess the impact for our customers of the CVE–2014–0160 vulnerability, also known as Heartbleed.

This critical vulnerability has affected a large portion of service providers over the Internet, who are using OpenSSL.

After our investigation there is no evidence that any Blinksale user credentials or user data were compromised.

Audit results

The Blinksale application is not using a version of OpenSSL having the Heartbleed vulnerability.

The Blinksale public website is hosted on AWS ElasticBeanstalk, which may have been using a version of OpenSSL that was vulnerable. Amazon has reported that all AWS services have been updated.

All the accounting and invoicing applications with which Blinksale integrates already were or have been secured.

As a precaution, we are rotating all of our SSL certificates and keys.

Leave your comment