Recently the OpenSSL project released an update to address a serious security vulnerability CVE-2014-0160 nicknamed "Heartbleed". This vulnerability impacts the encryption used for internet communications and could allow access to decrypted HTTPS traffic. Like many service providers, once ISN's engineering team became aware of Heartbleed, we moved to address and evaluate the impact of this vulnerability. We know that our users share our concern for security and privacy, so we want you to be aware of the specifics of Heartbleed vulnerability as it relates to ISN.
First and foremost, we have no evidence the Heartbleed vulnerability was used to obtain any ISN data or to access ISN services.
ISN operates multiple public interfaces for ISN services. Most of the public interfaces were not impacted by Heartbleed. The interfaces which were impacted were updated several hours after the release of the security update. ISN did update the application servers which were using affected versions of OpenSSL.
What you should do
While there's no indication that ISN user data has been impacted (including passwords), we strongly recommend users update their ISN account passwords.
If you have any questions about this information please let us know! You can reach us by chat, email at firstname.lastname@example.org, or phone at (800) 700-8112.