Our Response to Heartbleed
April 9, 2014
As you may have read in the press, a significant security vulnerability across much of the internet was recently uncovered by a team of security researchers, related to commonly used software called OpenSSL. Security experts refer to this issue as Heartbleed.
We join nearly every service provider on the internet in responding to this issue. Within hours of discovery, we took proactive measures, in coordination with our security consulting firm. Our systems and those of our technology vendors are fully up-to-date and, as a precautionary measure, we terminated all existing sessions and installed a new SSL certificate. All of these measures were completed as of Wednesday, April 9, 2014.
An independent source has verified that the Max website is not vulnerable to Heartbleed:
Given the widespread nature of the Heartbleed issue, however, many security experts have recommended that individuals consider changing passwords they use on the internet. If you would like to change your Max password, you may do so by visiting your Profile page within the Max website and then click on the “Password & Security Questions” tab. To the extent that you change any of your bank login credentials, please be sure to update those credentials on the Max website as well, via your Profile page, under the tab labeled “Linked Accounts.”
If you have any questions or concerns, don’t hesitate to reach out to us at firstname.lastname@example.org.
Gary E. Zimmerman