If you have been watching the news over the last 48 hours, you may have seen stories about the “Heartbleed” SSL bug, a security vulnerability that may have impacted websites that rely on SSL certificates, and therefore impacted just about every major site across the internet from Facebook to Yahoo to Google, and beyond. To learn more about the bug, go here. This post is to let you know what we’ve done at FreshBooks to address Heartbleed, and offer steps you may want to consider going forward.
On Monday around 1 PM EDT the vulnerability was first discussed publicly among security professionals. Around 4.30 PM EDT we learned about the bug and planned our response. By 8:00 PM we had built and deployed our fix to the FreshBooks platform. In addition we have since replaced all of our SSL certificates and keys that may have been exposed.
Now that the root cause is addressed and the FreshBooks platform is protected from the bug, you may want to consider changing your password, especially if you were using FreshBooks between 1:00 PM and 8:00 PM EDT on Monday, or if you use the same password on several websites. As a rule, regular password updates are a form of good security hygiene, not unlike brushing your teeth to prevent cavities.
Finally, I want to personally thank the dedicated FreshBookers who worked late to respond to this issue with the urgency it deserved. As our clients, you deserve nothing less. Nonetheless, I am personally pleased with what I saw from our team.
If you have any questions, as always please contact us. More about the bug here.