You may have read in the news about a recent security issue called the “Heart-bleed Bug”. Since it impacts internet based services, I thought I’d do a quick blog update to let you know how our security team responded here at Newsweaver.
First of all – what is the “Heart-bleed Bug”?
The Heart-bleed Bug is an identified vulnerability that has affected many Internet services within a widely used internet security system called OpenSSL. You’ve seen OpenSSL if you’ve noticed https and the little padlock on a website URL you are visiting. The vulnerability enables potential attackers to view snippets of the memory content of web servers. (Read more about it)
Our approach and commitment to data security
We are very committed to data security in general at Newsweaver, including the security of our customers’ data, Newsweaver has been certified to the ISO 27001 Information Security Standard – which is recognized globally for managing risks to the security of information. We are the only Email Service Providers in Europe to have achieved this prestigious certification.
Our Heart-bleed audit
Regarding Heart-bleed, our security team conducted a review of our servers, and found a limited number of the servers were using the affected version of OpenSSL. These were immediately patched with the new version of OpenSSL that eliminates the vulnerability. They also took a number of precautionary measures to update the Newsweaver system and further eliminate any potential vulnerability. During this audit, the team found no evidence to suggest that any user data has been compromised.
Newsweaver customers have been asked to reset their passwords
As part of the precautionary measures, we’ve contacted all customers to reset their Newsweaver password.