Notice about the Heartbleed Bug

Posted April 14, 2014

The NBME has been working to assess the impact on our customers in the wake of the recent disclosure of CVE-2014-0160, known colloquially as the "Heartbleed" bug. The Heartbleed bug is a serious vulnerability in the popular OpenSSL encryption software library used to secure the Internet. Like nearly every service provider on the Internet, we are responding to this vulnerability by conducting a comprehensive security review. Based on our review to date, here is what we know, what we recommend you should do and where you can find additional information.

What We Know

NBME was using a version of SSL that was vulnerable to Heartbleed at the time of the announcement. The affected systems were patched and cleared of the vulnerability. The websites affected were limited to the following services.

What we recommend you do

At this time we have no evidence that any data have been compromised. However, as a precautionary measure we recommend that users with accounts for the websites listed above should change their passwords.

Where you can find additional information

Back to News Archive