Socialcast Response to Heartbleed, aka CVE-2014-0160

By
|   Apr 9, 2014

Like so many other services across the Internet, Socialcast was vulnerable to the OpenSSL bug known as “Heartbleed”. The vulnerability allows attackers to read decrypted content and may expose user data, session tokens, and passwords.

Although we have no indication that any data has been exposed, we are exercising caution and following best practices to ensure that we continue to provide a secure environment to all Socialcast customers.

Yesterday, we applied the update to our production systems to prevent any further exposure. Today, we replaced our SSL certificate keypairs and revoked all sessions, forcing users to log in again.

You should be receiving, or have already received, an email from Socialcast with specific recommendations for your Socialcast account. Your IT department may also initiate a forced password change. Please check with your community administrator(s) if you have further questions about your Socialcast environment.

We appreciate your understanding as we work to remediate this risk.

The Socialcast Team

Comments are closed.

« Previous
Feature Updates: March 2014
Next »
Feature and Mobile Updates: April 2014
Sign up to receive email communications regarding events, webinars, and product news.

Author Spotlight

Morey Straus
Morey Straus Sr. Manager, Information Security View full bio

Authors

What is Socialcast?

Socialcast by VMware (NYSE: VMW) is a social network for business uniting people, information, and applications with its real-time enterprise activity stream engine. Behind the firewall or in the cloud, Socialcast enables instant collaboration in a secure environment. Socialcast is headquartered in San Francisco, California. www.socialcast.com