SMS-Magic : Heart is Not Bleeding Here!
security vulnerability nicknamed “Heartbleed“. This vulnerability impacts the encryption used for internet communications and could allow access to decrypted HTTPS traffic. Like many service providers, once Screen-Magic team became aware of Heartbleed, We moved quickly to address, and evaluate the impact of, this vulnerability. We know that you share our concern for security and privacy, so we want you to be aware of the specifics of Heartbleed vulnerability as it relates to SMS-Magic. Click Here to find more information., the OpenSSL project released an update to address a serious
[pullquote]Patches have been applied to all impacted servers, a process which was completed and confirmed by 1PM IST on April 10th 2014.[/pullquote]
First and foremost, we have no evidence that the Heartbleed vulnerability was used to obtain any SMS-Magic data or to access SMS-Magic services. SMS-Magic’s application servers were using affected versions of OpenSSL. Patches have been applied to all impacted servers, a process which was completed and confirmed by 1PM IST on April 10th 2014. Nevertheless as a precaution, we’ve replaced our private key and SSL certificate since it’s plausible that SMS-Magic certificates could have been exposed.
What you should do
While there’s no indication that SMS-Magic user data has been impacted, we strongly recommend that users update their SMS-Magic account passwords.
Many of our users have sites or applications hosted which store their SMS-Magic credentials or other sensitive data. So, we also recommend auditing all services you may use to determine if they are also vulnerable, taking steps to repair any vulnerable services, and replacing SSL certificates once the vulnerability has been removed.
Thanks for your Co-operation.
Co-Founder & CTO
Screen-Magic Mobile Media Pvt Ltd.