As you may have heard from recent stories in the media, a bug, known as “the Heartbleed bug,” was discovered in OpenSSL, a widely used software library employed by millions of internet sites to provide encrypted SSL traffic. More background can be found at https://en.wikipedia.org/wiki/Heartbleed_bug#Heartbleed_bug and in the mainstream media.
There is no evidence of this bug having being used to access any information on the Co-op’s servers, however because of the severity of the potential problem, the Co-op took immediate steps to patch and secure all of its servers. This work is complete. We are now actively rotating any related SSL keys and expect this work to complete later today.
The nature of this bug is such that once it is patched, additional steps will need to be taken to ensure ongoing security of traffic. Most
inconvenient of these, once the new SSL certificates are in place later today, we will be requiring all users of Co-op servers to reset their passwords. We will be following up shortly with instructions on how to do this across different systems.
If you have any further questions or concerns, we invite you to contact the Co-op’s Systems Manager and Privacy and Security Officer Scott Leslie at firstname.lastname@example.org.