On Monday April 7th OpenSSL released an update to address CVE-2014-0160 (aka Heartbleed). This was a vulnerability in the popular cryptographic library that is used to secure many major websites. It affected nearly two thirds of web servers, including sites like Google, Twitter, and Yahoo. Mashape has implemented the update and is no longer vulnerable to potential Heartbleed exploits. We’ve also reissued our SSL certificates, changed internal passwords, and changed private keys.
While we have no evidence that there has been any type of attack or intrusion, we have automatically logged out all users, and for extra security users should:
- Create new passwords: You can create a new password at https://www.mashape.com/settings/account.
- Generate a new API key: You can manage your production keys at https://www.mashape.com/keys.
We, along with the rest of the web development community, will continue to monitor the situation and make sure that all the necessary fixes have been enacted. If you have any questions about the OpenSSL situation and how it affects Mashape please contact us.