By now you may have heard of the security vulnerability CVE-2014-0160 popularly known as Heartbleed. This was a bug in the popular OpenSSL encryption library used by a majority of web sites, including AddThis.
SSL is a technology that allows you to securely connect to a website and is usually indicated in browsers with a lock icon. Banks, online stores, government agencies, social networks, and many other websites use SSL to protect your communication. In short, due to the CVE-2014-0160 it’s possible an attacker could have compromised communication between you and a website even when that lock icon was displayed. Worse, an attacker might be able to gain passwords or other information that would allow all future communication to also be compromised. That’s why it’s quite literally been front page news all week.
What AddThis Has Done
AddThis patched all of our affected services the morning of April 8th as soon as we were aware of the issue, and had a fix tested. Since then we have rolled out new SSL certificates and confirmed with our partners that they have taken similar corrective steps.
What You Can Do
If you have any questions about this, feel free to contact our support team at firstname.lastname@example.org.