ReadyForZero joined nearly every major website and service provider this week in responding to the vulnerability discovered on April 7th known as Heartbleed. In short, this vulnerability opened up the possibility of a technical attacker being able to view encrypted traffic to an affected website, which could include your username and password or other sensitive information. If you’re interested in more of the technical details, see the last section of this post.
When we understood that our hosting provider, one of the largest in the world, was affected by the vulnerability, we immediately moved our main site onto servers that weren’t vulnerable and generated new encryption keys. We also completely disabled billpay and credit report features since these transmit especially sensitive information, such as credit card numbers or social security numbers. Until we were able to understand exactly how we were affected, we decided this was the safest response. Once we applied the fix to all parts of our site, we restored full service. This happened within 24 hours of when the vulnerability was made public.
What you should do
There’s no evidence that suggests that any of our users were affected as a result of this, but the nature of the vulnerability is such that we’ll continue to watch for anything suspicious. In the meantime, we strongly recommend that our users change their passwords, not only on our site, but on other sites with important data – such as your bank or your email account.
The vulnerability affected the mechanism that websites use to secure communications between your browser and the website’s servers. You’ve probably seen a little lock or green box on your browser – it looks like this on our site:
This means that communications are encrypted between you and the website. This is like sending a locked letter through the mail instead of a postcard: no one can read it unless they have the key. Heartbleed allowed anyone with technical know-how to get the master key and open up the locked letters to and from any site. As mentioned above, part of our response was to generate new keys. If you click the lock on your browser, you can see that they are dated this week:
If you have any questions, feel free to email us at firstname.lastname@example.org and ask.
Your email account is important since it can be used to reset your password on other services. If you’re looking for more security there, you can enable “2 factor authentication” – which means you need to respond to a text message on your phone before you can access your email from a new computer. It’s not that painful; we do it. Here are the instructions if you use Gmail: https://support.google.com/accounts/answer/180744?hl=en
Image Source: heartbleed.com