On April 7, 2014, the OpenSSL Project released an update to address a vulnerability nicknamed “Heartbleed”.  The vulnerability affects a substantial number of applications and services running on the Internet, including Clarity.

What is Clarity doing about it?

  1. We've ensured that all of our systems have been patched to use the newer, protected version of OpenSSL.
  2. We've recreated and redeployed new SSL keys.
  3. We're going to be forcibly reset all browser sessions. This is a proactive measure to defend against potential session hijacking attacks that may have taken place while the vulnerability was open. Any sessions that remain open at 04:00 AM PST on April 10, 2014 will be closed and will require re-authentication.

Your Password

We encourage all users to reset their Clarity account passwords. We do not have any evidence that passwords have been compromised, but any time a large scale vulnerability is discovered, the safest thing to do for your account is to rotate your credentials.