Security Update: 'Heartbleed Bug'

Post image

The “Heartbleed Bug” has been making its way around the news over the last few days. At Unroll.Me, we value your privacy and take security extremely seriously. Therefore, we felt it would be appropriate to update you on what we’ve done to ensure that your account is secure and is being handled with care.

What exactly is the ‘Heartbleed Bug’?

The Heartbleed Bug was discovered on April 7th in the OpenSSL library, a piece of encryption software used by a majority of Internet servers ([about 66%]. Researchers from Google and from a security firm named Codenomicon have found a serious bug in OpenSSL that could potentially expose names, passwords and content you send to secure websites. Many popular websites have been affected by this bug. See FAQ on the Heartbleed site.

Steps we’ve taken:

Unroll.Me, like most services, relied heavily on this security to protect your information. Upon the announcement of this bug, Unroll.Me has worked actively, with the help of Amazon Web Services, to patch all servers against this vulnerability. We have also re-keyed all of our SSL certificates to ensure that your account is safe.  The last step, to provide you with additional layer of security, is the re-encryption of all sensitive user information.

Additionally, we have logged you out of your Unroll.Me account, and links in your Rollup emails prior to today will no longer be active.

We’re very sorry that this happened, but rest assured, Unroll.Me is always taking steps to ensure the security of your account.

If you have any questions or concerns, please reach out to our support team by sending us a tweet or by submitting a support ticket.

Author image


Jack has a strong passion for finding, discussing and building new products. He oversees numerous projects, with a focus on Unroll.Me's growth and engagement.