All posts

How the Heartbleed vulnerability relates to Debitoor

As a user of online services, chances are you already know of the recently discovered Heartbleed vulnerability, and you’ve probably already changed passwords on your most used programs to be on the safe side.

Like 2/3 of all online services, Debitoor uses an OpenSSL security framework, and two days ago, we learned about this security vulnerability, which also affects Debitoor.

What we’ve done

Following the notification of this vulnerability, we have:

  • verified with our partners and suppliers that they have patched any exposed components and taken appropriate measures to secure their infrastructure going forward
  • changed SSL security certificates on the Debitoor application and services

​In other words, we’ve made sure that no Debitoor services are exposed to this vulnerability anymore.

To the best of our knowledge, no Debitoor data have been compromised due to this vulnerability, but due to the nature of the Heartbleed bug, it’s very difficult for us to know this with 100% certainty.

What you should do

Although Debitoor is safe from this vulnerability now, we recommend that you change the password of your Debitoor account – and any other online services that you use for that matter.

Actually, as a general password best practice, we recommend that you change your passwords regularly and that you make sure you’re not using the same password for different services.

Questions?

If you have any questions about this, we’re here to help.