LiquidSpace Addresses “Heartbleed” Security Vulnerability
On Monday, the OpenSSL project released an update to address a serious security vulnerability nicknamed “Heartbleed”. This vulnerability impacts the encryption used for internet communications and could allow access to decrypted HTTPS traffic.
LiquidSpace does not use OpenSSL. LiquidSpace’s web, mobile, and other application services are hosted within the Microsoft Azure platform which was not impacted by the OpenSSL vulnerability. Moreover, we use Microsoft Azure’s Secure Channel (a.k.a. SChannel) which is not susceptible to the Heartbleed vulnerability.
We do, however, depend on other services that do use OpenSSL. Our Engineering team is verifying that these other services have updated their version of OpenSSL, and we are updating our passwords and API keys.
The Engineering team at LiquidSpace has assessed the impact to our members. At this point there is no evidence that any LiquidSpace member credentials or data were compromised.
Information security and your trust is fundamental to LiquidSpace. We appreciate that trust, and work to earn it every day by monitoring, testing, and improving our security continuously.