As announced last week, DF Studio’s vulnerability to the Heartbleed bug was mitigated within 24 hours of its announcement thanks to the efforts of Amazon Web Services. As a further precaution, AWS recommended that all customers rotate their SSL certificate (see https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/). The DF Studio team has completed the recommended changes by generating and installing a new certificate on all of the DF Studio sites.

“Should I update my password?”

It is technically possible that your login and password information could have been stolen prior to the fix being applied. However, if your password was stolen, when the attacker attempted to access your account you would be sent a Browser Verification email (assuming you have not disabled Browser Verification – see article What is Browser Verification?).  The attacker would not be able to access your account without the code in the email.

However, there is no harm in updating your password.  Since DF Studio’s SSL certificate has been updated, you may now safely update your password for additional peace of mind.

If you have any other questions, please contact DF Studio customer support by clicking the “Support” link on this page, or by emailing support@dfstudio.com