Your Information is Secure: Schoology and The Heartbleed/OpenSSL Vulnerability

Contributed By

Timothy Trinidad

Founder and VP of Systems Engineering at Schoology

Your Information is Secure: Schoology and The Heartbleed/OpenSSL Vulnerability

Posted in Schoology | April 09, 2014

On April 7, 2014, a vulnerability with the OpenSSL library, a data encryption protocol used by many web servers across the internet, was discovered and published. This vulnerability, known as Heartbleed Bug (CVE-2014-0160), could be used to remotely obtain and exploit sensitive information.

After a thorough audit of our system, we have determined that none of the schoology.com sites (including white-labeled domains that point to Schoology) have been affected by this vulnerability. All of our customer-facing SSL Termination Points (i.e., our load balancer and DDoS Reverse Proxy) are either not using the OpenSSL library or are using versions of the OpenSSL library that did not include this vulnerability.

As a precaution, we have gone ahead and updated all internal servers that had the OpenSSL package installed. This will not affect your Schoology accounts, so you can continue using the platform normally.

Please feel free to contact our Support Team if you have any questions or concerns.

Thank you,

Tim Trinidad
Founder & CTO
Schoology, Inc.

Join the Conversation