Recently the OpenSSL project released an update to address a serious security vulnerability CVE-2014-0160 nicknamed "Heartbleed". This vulnerability impacts the encryption used for internet communications and could allow access to decrypted HTTPS traffic. Like many service providers, once ISN's engineering team became aware of Heartbleed, we moved to address and evaluate the impact of this vulnerability. We know that our users share our concern for security and privacy, so we want you to be aware of the specifics of Heartbleed vulnerability as it relates to ISN.

Impacted services

First and foremost, we have no evidence the Heartbleed vulnerability was used to obtain any ISN data or to access ISN services.

ISN operates multiple public interfaces for ISN services. Most of the public interfaces were not impacted by Heartbleed. The interfaces which were impacted were updated several hours after the release of the security update. ISN did update the application servers which were using affected versions of OpenSSL.

What you should do

While there's no indication that ISN user data has been impacted (including passwords), we strongly recommend users update their ISN account passwords.

Did this answer your question?