Heartbleed and CoinJar Security

We published an update about the Heartbleed Challenge on Monday, 14 April.

By now, you’ve probably heard of the ‘Heartbleed’ bug. It’s a serious bug in OpenSSL that allows an attacker to access information on a secured server. OpenSSL is an industry standard and is part of the backbone of Internet security.

While there’s not a lot of good news around this flaw, we are happy to confirm that we are not affected by the bug. CoinJar’s SSL sites were patched by our service providers prior to the exploit being disclosed. Once the announcement was made, we also verified that none of our services were running any of the affected versions (OpenSSL 1.0.1 through 1.0.1f inclusive).

Although we aren’t affected by this flaw, many other organisations are. If you use your CoinJar password in any other place, we strongly recommend you change it as a precautionary measure. This serves as a timely reminder to use a strong, unique password for each of your Internet accounts and to consider multi-factor authentication (MFA) as an added level of protection.

As always, please contact us via our Support Forum if you have any questions or concerns. You can learn more about Heartbleed here.

Please see the update we published about the Heartbleed Challenge on Monday, 14 April.

Update – Support Ticketing System

11 Apr 2014

In a blog post published yesterday, ENTP (the creator of CoinJar’s support ticketing system, named Tender) confirmed that Tender was never affected by the Heartbleed bug.

Information submitted to CoinJar Support via Tender is safe and sound.

Update – ID Verification Service

11 Apr 2014

CoinJar reached out to GreenID, our ID verification service provider, who confirmed that GreenID “are not using an affected version of the OpenSSL library”.

ID information submitted to CoinJar is safe and sound, and held in accordance with our Privacy Policy.