Two days ago, the OpenSSL project announced a very serious vulnerability in OpenSSL called Heartbleed, which can expose visitors’ personal information on web sites that use https. ThinkUp uses https, so we wanted to update our members on what we’ve done to protect you from Heartbleed.
ThinkUp’s user-facing web server runs a version of OpenSSL which was not affected by Heartbleed. Several of ThinkUp’s backend servers, which are not exposed to users but do exchange information on a closed network, were affected by Heartbleed. We patched these servers on Monday evening, immediately upon hearing news of the vulnerability.
ThinkUp doesn’t collect or store credit card numbers (as Amazon Payments handles our subscription processing), and it does not store Twitter or Facebook passwords, just keys that grant ThinkUp read-only access to your social data. You can read more about how ThinkUp handles private and sensitive data here.