On April 7, 2014 information was released about a new vulnerability in OpenSSL (CVE-2014-0160). Security bug is called “Heartbleed”. This affected most of internet service, and Sketchboard was also affected. As of right now, we have no indication that the attack has been used against Sketchboard.
What Sketchboard has done?
- Sketchboard updated it’s OpenSSL library version that fixed the bug on April 8th, 2014.
- New SSL keys were deployed.
- All browser sessions have been cleared. This means that you need to relogin to the service.
- GitHub application token was revoked.
- Stripe keys were rotated.
- Google secret was updated.
What you should do
- Change your password — remember to use a unique password rather than sharing across sites.