LearnVest unaffected by Heartbleed
By now you have probably heard or read about the CVE-2014-0160 vulnerability, poetically dubbed the Heartbleed bug. This programming flaw, in the widely used OpenSSL security library, has impacted a wide swath of internet traffic.
We wanted to take a moment to talk to you about how this affected LearnVest. Immediately on being made aware of this vulnerability, our security team launched a thorough investigation of our systems and servers. We are happy to confirm that none of LearnVest’s servers were affected by this vulnerability and there is no evidence of a breach of any kind. In addition we have reached out to all of our service vendors and verified that none of these services were affected either. We care very deeply about the security and privacy of your data, and are constantly monitoring our server operations to ensure we continue to stay safe and insulated from this and other vulnerabilities.
While your LearnVest account is safe, secure and unaffected by Heartbleed, we highly recommend you change your passwords on other sites that may be affected. Here is a link to some information about what sites are known to be affected by this bug: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. If you use your LearnVest password to log in to any of these affected sites, please change your LearnVest password immediately.
As always, we are here to answer your questions or address any of your concerns. Your security is our priority.
CTO, LearnVest Inc