Heartbleed Bug Security

As of a couple days ago, a serious internet security risk called the “Heartbleed Bug” has been detected on a large number of websites that can put your private information at risk.

Information transmitted to an Internet site affected with this bug, such as a log-on page for online shopping, may become available to a third party. The Heartbleed bug has the potential to expose your private data, including usernames, passwords, credit card numbers, and emails.

How does it work?

Heartbleed is a vulnerability in the OpenSSL protocol – one of the most common data encryption mechanisms on the world wide web that is used to keep data such as your passwords and credit card information secure. The Heartbleed bug exploits this vulnerability via a loophole to obtain data that is intended to be hidden from spying eyes.

What We Are Doing:

We are changing all of our passwords and account information, regardless of the status of the website. Here are some specific examples:

  1. Squarespace: (The website hosting platform that we have recently changed to.) Has announced that it is not vulnerable. We have changed our password to be safe.
  2. Paypal: (How we accept film submissions and access ticket sales via Eventbrite.) Is not vulnerable.
  3. Stripe: (The platform we use to take donations from our website.) Their status is unknown. We have changed our password and rotated our API keys. This will ensure that no information can be accessed from here forward. Though there is no reason to believe that any information has been stolen from this site.
  4. Eventbrite: (How we collect ticket sales for our events) Is vulnerable. They have announced that they do not believe any information to have been stolen and we have changed our password and account information accordingly.

What You Should Do:

Check this list of commonly used online shopping websites and social media platforms that you may be using regularly. You should change your password immediately. Please review the following list, courtesy of Mashable Magazine:

The Heartbleed Hit List: The Passwords You Need to Change Right Now

Please note that WeTranfer, a platform that has allowed for several short film submissions for The Half Apple Festival, has been compromised and we recommend that you change your password, asap.

In addition, Websites that may use the affected technology, referred to as OpenSSL, can be identified by the padlock symbol in the browser address bar. You can use this tool to check if any given web site you wish to use is safe.