Heartbleed’s impact at GDV
The OpenSSL Heartbleed bug threatened the security of data across the internet. This vulnerability affected anyone who visited a compromised website and put them at an increased risk for identity theft, credit card theft, and hacking. While this security threat was found in over half a million webservers, we have concluded that our production environment and webservers are not at risk.
The Heartbleed bug allows encryption keys to be bypassed, giving unauthorized user access to unsecure data like passwords and account numbers. The concerning issue is that the bug has been in existence for 2 years already, but only been made public. We can only assume the prolific hacker community has been aware and exploiting this for some time, and now even the amateurs can get in on the game.
The GDV production systems that provide your backup and disaster recovery services were never exposed to the Heartbleed vulnerability.
Our website does use OpenSSL but we have completed our remediation. We see no evidence of any data loss or theft and the site has always functioned as it is intended.
If you have any concerns about your backup account or your disaster recovery services, please contact us directly. More information about Heartbleed can be found at http://heartbleed.com. A comprehensive list of companies who were exposed can be found here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/