A critical OpenSSL vulnerability nicknamed “Heartbleed” was discovered recently. IMPORTANT: It is very likely that you are impacted by this vulnerability. Read on for more info.
Details you should know:
1. This is not a vulnerability with SSL Certificates or Namecheap.
2. SSL/TLS is not broken, nor are the digital certificates issued by Comodo or Symantec brands.
3. Users of OpenSSL versions 1.0.1 through 1.0.1f with the heartbeat extension enabled are affected. OpenSSL version 1.0.1g addresses the vulnerability, as well as OpenSSL instances compiled without the heartbeat extension.
4. As a precaution to protect your data, we highly recommend that all Namecheap users change their account passwords.
Namecheap has created a detailed Knowledgebase article where you can learn about Heartbleed, determine whether you are affected, and find out what to do next. Please read the article as soon as you can. It’s located here: https://www.namecheap.com/
Take care of yourselves, your domains, certificates and servers!
Thank you and don’t hesitate to contact namecheap if you have any questions.