As you may know, details of a new security vulnerability discovered within OpenSSL (CVE-2014-0160), a crypto library used for encryption processes in many systems and services we all use on the Internet daily. When we learned of this vulnerability we took immediate steps to review our services and determine if we were using any versions of OpenSSL affected.
As with a majority of websites out there we found we were in fact using a version of OpenSSL affected, as a result we took the proper steps to remedy the situation and insure the safety of the users that depend on our services. First, we patched all versions of OpenSSL and then followed up with reissuing all SSL certificates used on our service domains (i.e. *.loader.io and *.reflector.io)
Since most of our users also run services and applications that could be affected by this vulnerability, we recommend you too take steps to insure your version of OpenSSL is patched. In addition, while we have no reason to believe any application data, or other private information on our services was compromised – updating your loader.io and/or reflector.io account password, as well as resetting your API key is a a simple and good precaution to take. You can edit your settings for loader.io here or reflector.io here.