On Monday, April 7th, a major vulnerability named Heartbleed was discovered in OpenSSL, the library that secures many websites, mail servers, and VPNs on the internet. It is estimated that two-thirds of secure websites on the internet use OpenSSL, and most of those sites used the vulnerable version. Belly was one of them.
We have no evidence that the Heartbleed vulnerability was used to access any of Belly’s services or data. Belly was made aware of the vulnerability at 5:00pm (Central Daylight Time), and we were completely patched by 6:30pm. As an extra precaution, we also changed our security certificates by 10:00pm. However, we do recommend you change the password on your Belly account. Everyone who works at Belly has.
Because this vulnerability was so widespread, we also recommend changing your password on most websites. Mashable has a list of what major websites were affected. While you are doing this, it would be a perfect time to start using a password manager like 1password or Lastpass. These tools make it very easy to use a unique password for every website you log in to, which is a great idea.
Protecting our Members and Merchants is our daily objective. By reacting quickly to resolve this issue, we’re confident that your information is once again secure. Because let’s be real, “Belly”, “Heart", and ”Bleed" should never be used in the same sentence.
For more technical details, continue reading on our tech blog.