As you probably know by now, Heartbleed is the name for a bug in the OpenSSL cryptography software that, in short, could enable an attacker to steal the private key that was meant to encrypt TLS secured connections. With access to the private key, the attacker could access user names, passwords, and other sensitive data that internet users thought was being transmitted securely.

Messinet Secure Services was one in the estimated 66% of all internet sites using a compromised version of OpenSSL on our public website and email servers. Fortunately, we upgraded our OpenSSL libraries immediately on 2014-04-07 when the announcement was made and the updated packages were available. In order to protect future SSL/TLS internet transmissions, we also revoked the potentially compromised StartSSL certificates, re-keyed, and implemented new certificates on 2014-04-10.

The real problem is that an attacker could access sensitive information from past connections which may have been captured.

While Messinet Secure Services is now properly re-secured, it is critical that users with accounts and passwords at Messinet Secure Services change their passwords. This is the difficult, but final step in the process to overcome the breach created by Heartbleed. If you are one of the affected users, you will receive an email with instructions on how to change your password.