OpenSSL security update for SimpleLegal

Nathan Wenzel | February 22, 2016 | Articles

At SimpleLegal, we take data security very seriously. We’re writing to let our customers and prospective customers know about our response to the very serious bug found in the widely used, OpenSSL encryption library.

There is no evidence that our servers were compromised and all usage fits existing patterns. However, the nature of this vulnerability is that it leaves no trace, so we are proceeding with caution.

The First Step

When we were first notified of the bug, we took immediate steps to determine the extent of the problem and determine the necessary actions to safeguard our customers. Our application relies on the world-class security provided by Salesforce.com to protect our data. We contacted their security team to confirm the necessary actions on our side.

How Did SimpleLegal Respond to the Vulnerability?

First, we changed our server passwords and confirmed that the vulnerability was patched on the servers. Next, we updated our security certificates and updated our passwords again. Then we updated the login credentials of our accounts used to access Salesforce.com. Last, we terminated all user sessions for all customers requiring all users to login again to access their SimpleLegal dashboard.

How Should I Protect My Account?

There is no action required on your side However, we do recommend all users change their password on their SimpleLegal account. You can reset your password here: https://app.simplelegal.com/accounts/password/change/

If you have any questions, please let us know at [email protected].