Heartbleed Vulnerability Update
As an infrastructure provider, we handle all security matters with the utmost seriousness. Before we rush to make changes, we try to analyze the issue, identify what might be affected, and work to provide the best possible fix.
Phaxio is hosted on Amazon Web Services and makes use of its Elastic Load Balancing (ELB) service. Because we terminate our SSL connections using ELB, there was a time when our services may have been vulnerable to Heartbleed. We closely followed the updates posted by AWS and have been assured that all affected load balancers have been updated and are no longer vulnerable. Additionally, we’ve reissued all of our SSL certificates for *.phaxio.com.
We take security very seriously and although it is extremely unlikely that any data was compromised, we recommend that you change your Phaxio password and cycle your API credentials.
Cycling Your API Credentials
To cycle your API credentials, go to the API Keys page at Phaxio. Then, click the “Create Live Key” button which will generate a new set of credentials for you.
After you’ve changed the credentials in your application, navigate back to the API Keys page and click the “Delete” button next to your old API credentials.
Changing Your Phaxio Password
To change your Phaxio password go to the Profile page. Next, click the large green button and follow the instructions.
If you have any questions, please reach out to us at support@phaxio.com.