Information was released yesterday about a new vulnerability (CVE-2014-0160) related to OpenSSL, a cryptography library that is used for encrypting a large majority of the traffic across the Internet. An audit of our systems revealed that we were using an affected version of OpenSSL.
We immediately took steps to remedy the situation. As of 9:05pm PT on Monday April 7th all of our servers have been updated to the latest version of OpenSSL that includes a patch for the vulnerability. No service downtime was incurred during the update.
As an extra precaution we have also reissued our SSL certificates for *.runscope.com, *.runscope.net (and each region subdomain e.g. *.us1.runscope.net) and *.passageway.io. The deployment of the updated certificates to servers in our customer-facing environment was completed as of 3:30pm PT on Tuesday April 8th.
It's highly unlikely that our systems were compromised before we deployed the patched OpenSSL version. However, we recommend taking some precautionary steps to protect yourself including signing out and back into your account, changing your Runscope account password, and resetting any API tokens sent via Runscope URLs.
As an infrastructure provider, protecting your data is our top priority. We are monitoring the situation closely and will post updates on our Twitter account and service status page accordingly. If you have any questions about this incident, please contact our support team.