On April 7, 2014, the OpenSSL Project released an update to address a vulnerability nicknamed “Heartbleed”. The vulnerability affects a substantial number of applications and services running on the Internet, including Clarity.
What is Clarity doing about it?
- We've ensured that all of our systems have been patched to use the newer, protected version of OpenSSL.
- We've recreated and redeployed new SSL keys.
- We're going to be forcibly reset all browser sessions. This is a proactive measure to defend against potential session hijacking attacks that may have taken place while the vulnerability was open. Any sessions that remain open at 04:00 AM PST on April 10, 2014 will be closed and will require re-authentication.
We encourage all users to reset their Clarity account passwords. We do not have any evidence that passwords have been compromised, but any time a large scale vulnerability is discovered, the safest thing to do for your account is to rotate your credentials.