Hey, Mr. Bass!

OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics

Urgent security update

staff:

Bad news. A major vulnerability, known as “Heartbleed,” has been disclosed for the technology that powers encryption across the majority of the internet. That includes Tumblr.

We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.

But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.

This might be a good day to call in sick and take some time to change your passwords everywhere—especially your high-security services like email, file storage, and banking, which may have been compromised by this bug.

You’ll be hearing more in the news over the coming days. Take care.

Yep, super fun times. Should still be fun though!