Socialcast Response to Heartbleed, aka CVE-2014-0160
Like so many other services across the Internet, Socialcast was vulnerable to the OpenSSL bug known as “Heartbleed”. The vulnerability allows attackers to read decrypted content and may expose user data, session tokens, and passwords.
Although we have no indication that any data has been exposed, we are exercising caution and following best practices to ensure that we continue to provide a secure environment to all Socialcast customers.
Yesterday, we applied the update to our production systems to prevent any further exposure. Today, we replaced our SSL certificate keypairs and revoked all sessions, forcing users to log in again.
You should be receiving, or have already received, an email from Socialcast with specific recommendations for your Socialcast account. Your IT department may also initiate a forced password change. Please check with your community administrator(s) if you have further questions about your Socialcast environment.
We appreciate your understanding as we work to remediate this risk.
The Socialcast Team