As many of you are aware by now there is a security vulnerability in the OpenSSL cryptographic protocol which has been dubbed Heartbleed.
Our game software is not vulnerable to the bug. We have updated all our web servers with the latest patches.
We have asked our service providers what they have done about this and the ones we could get hold of all responded positively.
Our web hosting company states: “yes, we already updated openssl to the newest version – additional information about this could be found here http://www.hetzner-status.de/en.html”
Invision, our forum software company states: “All of our servers were updated to the latest version of OpenSSL to secure them against the Heartbleed bug as soon as the issue was discovered.”
Paypal has made the following statement:
1) Your PayPal account is secure
2) Your PayPal account details were not exposed in the past and remain secure
3) You do not need to take any additional action to safeguard your information
4) There is no need to change your password
We received this from Xsolla:
Our team has reviewed our exposure and we want to make clear to you the
steps we’ve taken to ensure your continued protection:
None of our public facing web servers are running the version of OpenSSL
that includes this vulnerability and there is no impact to the Xsolla service.
Some of the servers we communicate with internally were using the
affected version of OpenSSL; these systems have all been patched with a
new version of OpenSSL that eliminates the vulnerability.
We have reviewed the potential exposure and we have no evidence to
suggest that any user data has been compromised.