As you’ve probably read by now, there was a major security breach this week that affected the majority of the Internet’s websites. We sat down with TeamSnap Operations Lead Mark Cornick to find out what sort of impact this breach has on TeamSnap.
So what happened?
Researchers detected a bug called the Heartbleed Bug in OpenSSL, the secure socket layer used by the majority of websites, like Gmail, Yahoo! and TeamSnap. In basic terms, that means the bug could expose the kind of information that is normally encrypted when sent across the Internet — passwords, banking information, etc. — to an attacker.
For a more in-depth explanation, check out this article.
What’s been done in response?
The OpenSSL folks have already put out a fix, which has been picked up widely. On the TeamSnap side, we found out about the bug — and the fix — when it was announced and immediately went into action. We checked to make sure all of our servers had the fix, we contacted our tech partners to make sure they knew about the bug and were also adopting the fix, and we revoked our previous security certificate and private key and issued new ones.
Was TeamSnap affected?
To our knowledge, there were no attacks to TeamSnap or its stored data. However, we pride ourselves in offering the kind of information security we’d want to have for ourselves. After all, in addition to being TeamSnap employees, we are also TeamSnap users. Though we have no knowledge that any of our information was negatively affected, we wanted to be proactive.
You’re a wicked smart kinda guy. What advice do you have for people in light of this bug?
Despite the fact that we don’t think TeamSnap information was compromised, we highly suggest users to change their TeamSnap password. Because Heartbleed affected so many sites, consider changing ALL of your passwords across the web. We suggest updating these passwords on a regular basis, which many of us don’t think to do until an incident like this happens. Consider using different passwords for each site you use. That way if one password is compromised, not all of your passwords are compromised.
That sounds kind of annoying. I sometimes forget my own birthday, so how can I remember dozens of passwords?
There are some tools to help with this. For example, if you have iOS 7 or Mac OS X, you can use the iCloud Keychain, which generates passwords, stores them and autocompletes them for you. There’s also a tool called LastPass, which is a password manager that keeps a secure database of your passwords and remembers them in your Internet browser.
We at TeamSnap take security very seriously. We will continue to take ninja-like proactive measures to ensure your information is safe with us. If you have any more questions, don’t hesitate to contact us at firstname.lastname@example.org.