At this time, we have no evidence that iDoneThis has been attacked or that there has been any compromise of user data. All our measures have been precautionary.
We recommend that iDoneThis users change their passwords.
Heartbleed for the Less Tech-Savvy
Heartbleed is a recently uncovered security vulnerability in OpenSSL, which is used to secure highly sensitive data such as passwords. It could allow attackers to view sensitive data that is normally encrypted on a vulnerable site without leaving a trace, and potentially to use this data to impersonate users of the site.
We’ve fixed the security vulnerability and recommend that you change your password as a precaution.
See the BBC’s coverage as well as Lifehacker’s plain-language explanation for more information.
Heartbleed for the More Tech-Savvy
Yesterday the OpenSSL Project released an update to address the CVE-2014-0160 vulnerability. This vulnerability affected over 60% of web sites, including iDoneThis.
We updated the relevant code on our servers on April 8th, 2014. As of 1pm (Pacific Daylight Time), the vulnerability is no longer present.
As a precaution, we have also re-issued our SSL certificates and revoked our old ones.
Questions or Need to Get in Touch?
Email Rodrigo at rodrigo@idonethis.com. Head here if you need instructions on how to give us security reports.