Our response to Heartbleed

Thijs Cadier

Thijs Cadier on

This week, a serious security leak in OpenSSL came to light. The leak – named Heartbleed – also made AppSignal vulnerable. We have taken the following steps to secure our systems:

  • We immediately patched all our systems to use a version of OpenSSL with a fix for Heartbleed on Tuesday. This includes both our loadbalancers and Ruby installs.

  • We changed our SSL keys and reissued our certificates.

  • We replaced API tokens for external services we use.

  • We set a new session secret so all users have had to log in again.

We advise our users to change their password, user API token and Github credentials on AppSignal. We have no evidence of any malicious activity, but better safe than sorry. If any new information becomes available we will post it here and on our Twitter feed.

Thijs Cadier

Thijs Cadier

Thijs is a co-founder of AppSignal who sometimes goes missing for months on end to work on our infrastructure. Makes sure our billions of requests are handled correctly. Holds the award for best drummer in the company.

All articles by Thijs Cadier

Become our next author!

Find out more

AppSignal monitors your apps

AppSignal provides insights for Ruby, Rails, Elixir, Phoenix, Node.js, Express and many other frameworks and libraries. We are located in beautiful Amsterdam. We love stroopwafels. If you do too, let us know. We might send you some!

Discover AppSignal
AppSignal monitors your apps