OpenSSL Security Update

On April 7, the OpenSSL project issued a Security Advisory that detailed a serious vulnerability in the encryption software in use by a large percentage of the internet. This vulnerability (nicknamed “Heartbleed”) would potentially allow attackers to retrieve information from encrypted SSL endpoints.

We have prioritized hardening those services which handle account credentials and have secured those as of 10pm PDT April 8th. Though we do not believe any Optimizely accounts were compromised, we are taking action to proactively secure our customers’ accounts.

Because of the sensitive nature of Optimizely’s interaction with its customers’ websites, we strongly recommend that customers change their password immediately. Out of an abundance of caution, we will soon be issuing new passwords to all our customers.

We will continue to harden our remaining services and will issue another notice when this is complete.

Please don’t hesitate to contact us if you have any questions about this issue, and please follow @OptlySupport to stay up to date on Optimizely’s service status.

UPDATE (April 10, 11AM PST): At 10:30PM PST on Wednesday April 9, Optimizely began forcibly resetting passwords for all customers. Customers will have received an email notifying them of the password reset.