ShareASale's Response to the Heartbleed OpenSSL Vulnerability

ShareASale does not use the vulnerable versions of OpenSSL in any of our websites, nor in our FTP servers, so the Heartbleed bug does not present a risk to any ShareASale usernames, passwords or other data.  If you use the same password on other sites, you may want to change that password in case it was compromised at one of the other locations.  We also encourage you to use our Two Factor Authentication which can help to mitigate the damage in the case of a compromised password. 

A third party provider which handles some email for the shareasale.com domain was vulnerable to this bug.  That provider has patched their systems and issued new certificates.  Neither ShareASale nor the provider has any reason to believe that information was inappropriately accessed due to this vulnerability.  If any data was compromised, it would be limited to the contents of the email sent to the shareasale.com domain.

Please feel free to contact ShareASale if you have any additional questions.

Posted on Thursday, April 10, 2014 at 05:15:00 PM in General News
Tags: news,  alert,  heartbleed
Michael Littleton

By Michael Littleton

Michael is the Vice President for Operations of ShareASale, but prefers to think of himself as the CGO (Chief Geek Officer). Outside the office, his favorite role is that of “1000100 1100001 1100100”.

Add comment

Signin or Signup to comment