On April 7 a serious security vulnerability (CVE-2014-0160) was disclosed in the OpenSSL library. Like much of the internet, we responded to this critical issue by conducting a security review of our servers. The result of that review is as follows:
Koding is unaffected by the security vulnerability known as Heartbleed.
The primary reason for this is that we’ve never used the OpenSSL library and so as a result, are unaffected. Koding built its own proxies using Go and Go has its own implementation of TLS. Therefore, you don’t need to change your password (unless you used the same password on other sites that have been affected by Heartbleed).
We did a thorough investigation anyway and we’ve concluded that none of our servers were affected by this bug, nor was any user information compromised. However, that being said, our engineering team will continue to monitor the situation and share updates as they become available.
At Koding we take security and transparency seriously, which is why we want to let you know your information is safe. No additional step is required on your behalf. If you have any questions feel free to email us at [email protected]
See you on Koding! :)