We would like to inform you about a recent and serious security vulnerability that has affected many websites across the internet.

A bug in the OpenSSL software package was discovered this week, it allows an unauthorized user to read the memory of the server OpenSSL is installed on, thereby gaining access to decryption keys which would give the unauthorized user the ability to read encrypted website traffic. Upon further analysis, it has been determined that this bug has existed since the 2012 release of OpenSSL, it has been dubbed the “heartbleed” bug due to it’s ability to read system memory (i.e. the “heart” of the server).

The status of our servers

It has been determined that NONE of Tech SourceHub’s web servers were running the vulnerable version of OpenSSL. We have determined that one of our application servers WAS running the vulnerable version of OpenSSL; we immediately patched the server upon notice of this bug.

What this means for you as a customer of another provider

If you have a website or server with another provider such as Google, iPage, GoDaddy, 1&1, Webs, Weebly, Hostgator, etc. Please check with them to determine if this vulnerability affected their servers. Also, please check with common online services you use such as but not limited to: online banking, email, social networks, etc. They will be able to inform you as to the status of their servers and the steps you should take if any unauthorized access was gained. Please see a list of vulnerable websites below. NOTE THAT THIS IS NOT A COMPLETE LIST.

Additional Information

Additional information on this bug and systems affected can be found atwww.heartbleed.com, a website specifically set up to cover this issue.

Thank you for reading this update in its entirety.

List of affected websites (some may already have been patched):

Testing yahoo.com… vulnerable.
Testing imgur.com… vulnerable.
Testing stackoverflow.com… vulnerable.
Testing kickass.to… vulnerable.
Testing flickr.com… vulnerable.
Testing redtube.com… vulnerable.
Testing sogou.com… vulnerable.
Testing adf.ly… vulnerable.
Testing outbrain.com… vulnerable.
Testing archive.org… vulnerable.
Testing addthis.com… vulnerable.
Testing stackexchange.com… vulnerable.
Testing popads.net… vulnerable.
Testing avito.ru… vulnerable.
Testing kaskus.co.id… vulnerable.
Testing web.de… vulnerable.
Testing suning.com… vulnerable.
Testing zeobit.com… vulnerable.
Testing beeg.com… vulnerable.
Testing seznam.cz… vulnerable.
Testing okcupid.com… vulnerable.
Testing pch.com… vulnerable.
Testing xda-developers.com… vulnerable.
Testing steamcommunity.com… vulnerable.
Testing slate.com… vulnerable.
Testing scoop.it… vulnerable.
Testing hidemyass.com… vulnerable.
Testing 123rf.com… vulnerable.
Testing m-w.com… vulnerable.
Testing dreamstime.com… vulnerable.
Testing amung.us… vulnerable.
Testing duckduckgo.com… vulnerable.
Testing leo.org… vulnerable.
Testing eventbrite.com… vulnerable.
Testing wetransfer.com… vulnerable.
Testing sh.st… vulnerable.
Testing entrepreneur.com… vulnerable.
Testing zoho.com… vulnerable.
Testing yts.re… vulnerable.
Testing usmagazine.com… vulnerable.
Testing fool.com… vulnerable.
Testing digitalpoint.com… vulnerable.
Testing picmonkey.com… vulnerable.
Testing petflow.com… vulnerable.
Testing squidoo.com… vulnerable.
Testing avazutracking.net… vulnerable.
Testing elegantthemes.com… vulnerable.
Testing 500px.com… vulnerable.