TrainingPeaks, Heartbleed and Your Security
You have likely heard the term Heartbleed lately, and it is not about the dangers of too much endurance exercise. It is a serious security bug that affects as many as two thirds of websites on the internet. We want to assure you that your information is safe, however there are some actions you should take to ensure that you are fully protected.
What is the Heartbleed Bug?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This bug made it possible to steal data that was normally protected by SSL. For more info see http://heartbleed.com/.
How was the TrainingPeaks Website Affected?
TrainingPeaks load balancers, the machines that direct traffic to our web servers, utilize OpenSSL and had the flaw. We immediately patched the servers on Tuesday April 8. Additionally, we revoked our SSL certificates and reissued new ones. TrainingPeaks systems are now secured against Heartbleed.
What You Can Do Now.
We recommend you change your password. Please note that you will need to change it for both your TrainingPeaks account and Device Agent. Go here to see how you can reset your password in both products.
In the coming days you will want to reset your passwords on a number of sites, not just TrainingPeaks. Again, this is a widespread issue that affected many websites so protect your information. Use a unique password for every site. Consider utilizing a password manager such as LastPass to help with password management.
Since we want you to be safe where ever you go online, a good list of popular sites and their status can be found here. To be even more secure, LastPass has integrated a tool that will tell you which of your password protected sites are still at risk. Since you can never be too safe regarding your online information, here are two more good resources you can use to check if a website is vulnerable https://lastpass.com/heartbleed/ and https://www.ssllabs.com/ssltest/.
Thank you for your understanding surrounding this issue. Keeping your information secure and safe is priority number one at TrainingPeaks. So go outside and enjoy your weekend of training and know that when you log in to view your workouts or analyze your data, your information is secure.
For those of you that already knew about Heart Bleed and changed all of your passwords immediately, you may be the type of person we are looking for to join our team of developers. Currently we have several openings in Development and are looking for qualified applicants. If you love clean code and working in an open and productive environmnent see our current openings here.