On Monday April 7, a new vulnerability called Heartbleed was revealed in OpenSSL, a software library widely used to protect websites served over HTTPS. The good news: the websites and apps we host were not impacted. The bad news: there are a great many websites and online services that were vulnerable.
Here's what you need to know:
Is My Website Vulnerable?
If your website is hosted with Banyan Theory, it is not and was not vulnerable to the Heartbleed bug. If your website is hosted elsewhere, you can use this tool to find out.
Is The Lightrail Toolkit Vulnerable?
Like the websites we host, fortunately the Lightrail Toolkit is not and was not vulnerable to the Heartbleed bug. (The Lightrail Toolkit is the web app our customers use to manage their websites and online presences. It's hosted at https://toolkit.lightrailapp.com.)
What Should I Do?
You should check with other online services like your bank and credit card companies to see if they were vulnerable to the Hearbleed bug. If they were, then you'll want to log in to each of those services and change your password, but only after the service has patched the vulnerability. If you do so before a service is patched, you'll open yourself up to hackers.
Is There Anything Else I Should Know?
For more information and technical details on the bug, see Heartbleed.com.