On April 7th, Mojave Networks learned of a critical bug in specific versions of OpenSSL which has now become widely known as “Heartbleed”. We take all security risks seriously and due to the potentially high impact of this vulnerability we performed an immediate triage of our internal infrastructure as well as our third-party service providers.
After an exhaustive investigation we verified that none of our internal systems or services were affected by this vulnerability (“Heartbleed”), however we discovered that one of our third-party service providers which provides load balancing for our web services was affected. We have verified that as of April 8, 2014 these third-party services have been secured by the vendor and we have also updated our certificates for this service as a precaution. This third-party service did not affect our secure network traffic service, therefore the security of users’ network data was not affected. Although we have no evidence that any web service credentials have been compromised we are recommending that all administrators change their login password as soon as possible. In addition, we will be rolling out support for multi-factor authentication in a few weeks to offer our customers an enhanced level of security against situations like this.
Mojave Networks takes great care to ensure the security and privacy of our customers’ information. We have developed processes and procedures, which enable us in instances like this to identify, mitigate, and remediate any security issues which may arise. In this case we are fortunate that our processes prevented our infrastructure from being affected, but we want to assure you that we will remain vigilant to identify and respond to any issues which may arise in the future.
If you have any questions or concerns related to the security of your data, please contact email@example.com.