Last Tuesday news spread about the discovery of a major OpenSSL vulnerability that has affected large portions of the Internet. This bug, called Heartbleed, made it possible to access encrypted data passed between web browsers and affected servers.
The good news is that TypeEngine does not directly use OpenSSL technology, so we are not directly affected by Heartbleed. TypeEngine does not store credit card information. We have partnered with Recurly to handle payment processing. When TypeEngine customers enter their payment details, those details are sent via a Recurly form, and Recurly handles the billing and collection details. TypeEngine only creates charges to the account. Please take a moment to review Recurly’s blog post about Heartbleed, and what you should do about it as a Recurly customer.
TypeEngine has an account with Recurly that allows us to add charges to users’ accounts, which Recurly collects by charging the credit card they have on file. We have, at Recurly’s recommendation, changed that account and it’s credentials so if it had been compromised the old values can no longer be used.
Recurly reports that they are not aware of any attacks which have exploited this bug, but they are continuing to investigate and performing ongoing security checks while monitoring the situation.
TypeEngine takes account security very seriously. Our publisher accounts have stiff password requirements, and we recommend periodic password changes. We also recently audited our security practices and made some modifications to further harden our site against potential attacks.
We’d again like to reiterate that TypeEngine itself is, and was not, vulnerable to HeartBleed directly. We also recommend you follow any recommendations you receive from services related to your TypeEngine account.
The TypeEngine team