Last Monday, April 7, internet security researchers reported the discovery of Heartbleed, an internet-wide vulnerability in the encryption protocol known as Secure Sockets Layer (SSL). We took immediate corrective actions Monday, and by Wednesday we completed all the fixes necessary to ensure the security and continuous operation of all ActiveProspect services.
Those measures included:
* Updating affected libraries to patched versions
* Re-keying of all SSL certificates
* New passwords for all system level accounts
* New keys for all system-level services that grant access
There is no evidence of intrusion or unauthorized access to client data.
As an additional precaution, we’re asking all ActiveProspect users to immediately change their passwords and API keys. Each password and API key will need to be reset separately for LeadConduit and ActiveProspect ID. If you have any questions about managing your accounts, please contact customer support.