As many of you have heard by now, a serious security vulnerability was recently discovered that allowed attackers to access decrypted HTTPS traffic and as a result access secure information in an unencrypted format. The vulnerability is known as the “Heartbleed” bug.
First and foremost, none of the ASAP systems were affected by this bug and no ASAP data was ever compromised directly through this vulnerability. ASAP systems do not in fact use the code libraries (OpenSSL) that contained this particular bug.
But because of the extensive nature of the vulnerability we are strongly suggesting our users, especially those with administrative rights, to change their ASAP system passwords. While ASAP was never directly compromised, many people use the same password across multiple sites, so in this case it is possible that a password stolen from an affected site could be used to gain access to the ASAP system. This includes both user passwords and ASAP API keys.
We are continuing to monitor and evaluate the impact of Heartbleed as more information becomes available. If any new relevant information emerges we will let you know.