We wanted to respond to the recently discovered Internet bug, Heartbleed, which affects the OpenSSL framework used by many websites to privately send and receive data.
Heartbleed and Infusionsoft
Infusionsoft was not directly affected by Heartbleed. No Infusionsoft servers were affected by the bug, but a third party API proxy service that we are using in a very limited beta with developers was affected. The API proxy service, hosted by Mashery, patched the bug and as a precaution we re-keyed our SSL certificates with Mashery.
To proactively protect your personal and business data from Heartbleed, we highly recommend the following actions:
- Reset all online passwords, especially if you use any of the websites listed here.
- Use unique passwords for every website; you can use Random to create strong passwords.
- Consider using a digital password vault like Lastpass to safely store and auto fill your passwords. As an added benefit, Lastpass has added a scan for Heartbleed.
If you have created or have hired a developer to create an integration with Infusionsoft, there is a potential that your server may be vulnerable to Heartbleed. Contact your developer to make sure they’ve patched your server and have updated your Infusionsoft API key. Need help updating your Infusionsoft API key?
Sometimes the Internet can be a scary place, but we have put the appropriate measures in place to keep your data safe. If you have any questions or want to learn more, please read this overview. For more technical details, visit Heartbleed.com.
UPDATE: The original post stated that Heartbleed had no impact on Infusionsoft, while that remains true, this post has been updated to reflect the impact of the third party API proxy service that was affected by Heartbleed.