Formstack and Heartbleed: the 411

Written by Formstack on April 9, 2014

Posted in Formstack Updates

If you’ve been following tech news or subscribe to any other popular SaaS apps, you may be aware of the recent HeartBleed security vulnerability. Heartbleed is a nasty bug in a very popular SSL library, OpenSSL, used to secure large swaths of the web. It is used to protect assets such as usernames, passwords, and sensitive information set on secure websites.

Be assured that no known breach or any system compromises have occurred in Formstack as a result of the Heartbleed update release. However, we’ve taken some precautionary steps to ensure your data is protected that we wanted to share with you.

What we’ve done already:

  • Patched OpenSSL on all of our servers, closing the vulnerability. All measures have been made to prevent any future security issues.

  • Issued new SSL certificates for all of our domains, ensuring that if anyone exploited the vulnerability, they can’t pretend to be a valid SSL consumer.

What we’re doing next:

  • Current Formstack Users will be forced to reset their Account logins for security purposes. This will manifest as a reset request for a new password after you have logged in using your existing password.

  • As an additional security precaution, we strongly recommend resetting your API Tokens Keys.

If you have any questions about this vulnerability or the privacy of your data, please visit our Support page on the issue. Additionally, our support team is aware that questions may arise and are ready to address any concerns you might have. Please send them an email at support@formstack.com.