Here at UpGuard, we take security seriously. As you may have already heard, the OpenSSL Project yesterday disclosed a serious vulnerability, nicknamed Heartbleed (CVE-2014-0160).
This vulnerability affected both UpGuard.com and UpGuard private instances.
We have multiple levels of proactive security controls in place and have not detected any suspicious activity. However, action was required and we have taken the following measures to mitigate any risk:
We have ensured that no UpGuard instances are running the vulnerable version of OpenSSL
We removed Amazon ELBs from our infrastructure until Amazon confirmed that they were no longer vulnerable
We reissued certificates for UpGuard.com and all private instances
We have detected that the above changes have resulted in a handful of agent-connected nodes losing connectivity to the UpGuard site. We will be in contact with those affected to assist.
As always, if you have any questions or concerns please let us know.