Update on Heartbleed Challenge

Last week we posted about Heartbleed and how it affected our services. At the time of writing our servers had been patched and tested to ensure that Heartbleed did not effect us when the news was made public.

New developments took place over the weekend. CloudFlare set up the Heartbleed challenge and confirmed that it is possible to access a server’s SSL key using the exploit. This means that it is possible that any server that ever used a vulnerable version of OpenSSL could be insecure. This includes CoinJar servers, though the chance of an exploit is highly unlikely.

We had already begun the process of replacing our certificates last week, prior to hearing the news. Once we have updated things on our end we will let you know and recommend you change your password. Until then we will be monitoring our systems for suspicious activity.

As always, we strongly encourage you to set up MFA (Multi Factor Authentication) on your account as an extra level of security.