As you may have heard in the news, a vulnerability was discovered this week in OpenSSL, the software that is widely used for encryption across much of the internet.
The vulnerability, called Heartbleed, endangers the encryption keys and data of SSL connections on the Internet. It allows anyone to read the memory of vulnerable servers. Specifically, this means an attacker can read keys, passwords and other private information. There is more information about the bug at http://heartbleed.com. Additionally, you can check whether you are vulnerable at http://filippo.io/Heartbleed/
Many companies, large and small, including Birch Hosting Limited, use this software to help build their secure systems, so this flaw is very widespread. It is currently believed that over 70% of the world's servers were affected by this.
Like many others, we have taken appropriate action to patch the vulnerability in our infrastructure. All shared hosting servers have been patched and the certificates have been changed.
We have seen no unusual activity on any of our systems to indicate that the vulnerability has been exploited. However, as a precaution, we are asking you to change your password if you have logged in to Birch Hosting or your cPanel account recently.
Given the widespread nature of this flaw, it is a reminder to us all to consider refreshing the passwords for the important online services that you use. This is particularly important if you use the same details across more than one website or service.
If you use two-factor authentication to log in to your client area, a captured username and password would have been of little use to potential hackers anyway.
If you have an SSL certificate, you are strongly advised to get in touch with your supplier for a replacement, as it is possible that the encryption keys could have been captured. If you have any questions, please don’t hesitate to get in touch via the ticket system.