A vulnerability in OpenSSL called CVE-2014-0160 (nicknamed “Heartbleed”) was publicly announced on Monday, April 7. Papertrail:
Patched the HTTPS endpoint serving
papertrailapp.comon Monday at 3:30 PM UTC-7 (see status blog).
Verified that our TLS-encrypted log endpoint is not vulnerable to the exploit.
https://papertrailapp.com/to use a new TLS certificate at 5:00 PM UTC-7. This certificate was generated by a different private key. Related internal passphrases were also changed.
Deployed forward secrecy As part of patching OpenSSL.
This vulnerability affects many, probably most, SSL-enabled Internet services in some form. We echo Tumblr’s recommendation, as reported in the LA Times: “take some time to change your passwords everywhere.” Be safe.