Heartbleed/OpenSSL vulnerability


This post may describe functionality for an old version of CARTO. Find out about the latest and cloud-native version here.
Heartbleed/OpenSSL vulnerability

Probably you have heard of Heartbleed already so we will keep this short. This is what what we did at CartoDB the following hours after the issue was announced (By Tuesday April 8th 2014 at 11.00 UTC all our systems were free of this vulnerability)

  • We patched all our systems with a fixed OpenSSL version
  • We re-issued all our HTTPS certificates
  • We logged out everybody from their accounts

We don't have any evidence that this vulnerability has been exploited in our services. However because of the nature and importance of this specific vulnerability we strongly suggest that you change your CartoDB credentials your password and your API keys. You can do this under "Account settings" once you log in to your account.

If you have any question please contact us at support@cartodb.com