Hello folks –
Unless you’ve been hiding from the news lately (or perhaps ignoring the news while hanging out at NAB!), you’ve probably already heard about the Heartbleed bug that is affecting web servers across the Internet. It is estimated that 66% of web servers are vulnerable to the bug and, unfortunately, Red Giant’s web servers fell into the camp of those affected. As soon as we found out about the vulnerability, we patched our servers and changed our security keys. Our security team has analyzed the data we have and didn’t find any evidence that user accounts have been compromised, but because of the nature of the exploit we cannot conclusively say they weren’t.
During the window where our servers were vulnerable, it would have been possible for someone to sniff out your password while you were connected to our website (and logged into your Red Giant account with your Red Giant ID). While we likely weren’t high on the list of sites to undergo any malicious attack, it is possible. It is more likely that a more popular website you used could have been compromised. If, like most people, you use the same password on most websites, things can only get worse.
We believe it would be prudent for you to change all of your passwords, not just your Red Giant one.
Andrew Cheyne, Director of Engineering