Statement on the OpenSSL Heartbleed vulnerability

C5d880e836d651846326433b1f40daaac33ecaa7 heartbleed 1

As you might have heard, yesterday was a pretty bad day for secure communication on the internet. Due to a critical bug in the widely used OpenSSL library which is used to encrypt communication between your browser and a website it was possible to gain access to usernames, passwords and other confidential information.

Podigee was also affected by this bug (as were many others like Yahoo.com, Adobe.com, etc.).

How was podigee.com affected?

As you might have noticed you access your Podigee Dashboard through a SSL secured connection symbolized by the (generally) green 'https' lock in your browsers address bar. Until yesterday it was possible to steal user sessions (read, someone can pretend to be you on Podigee) as well as the secret key that is used to encrypt the traffic between your browser and www.podigee.com.

Is this still a problem?

No, our hosting provider and all services we use in the background fixed the issue already yesterday by upgrading all systems to the most recent version of OpenSSL and exchanging SSL certificates where applicable.
Additionally we revoked our old (and possibly compromised) SSL certificate with a new one.
Podcast Blogs and our CDN were not affected as there is no communication happending that is encrypted.

How does this affect you as a user?

As your password might have been compromised, we would urge you to reset it as soon as possible. You can do so on the account settings page. Please also reset your password on other sites if you have used the same password there (which you shouldn't do!).