On April 7 2014, new security vulnerability was reported in certain versions and components of the popular encryption suite “OpenSSL” utilized by many websites and service providers to establish secure communication over the Internet.
Secure Chat Widget was the only LivePerson product utilized by customers that was affected by HeartBleed vulnerability. As soon as we've learned about the vulnerability. The service was patched within few hours and certificates were revoked and replaced.
Secure communication over the Internet is normally established over encrypted channels using SSL / TLS. The vulnerability in subject allows potential stealing of information protected by the SSL/TLS encryption.
As soon as we became aware of this vulnerability, a dedicated Security Incident Response Team (SIRT) has been established to assess the potential impact on LivePerson services (if any) and prevent potential impact to our customers and services by patching vulnerable systems (if such exists).
Any affected service was patched as soon as possible.
The response team will completed, comprehensive investigation of all applicable components, in order to make sure LivePerson services are not impacted or vulnerable.
If you have any questions please contact your Account Team or LivePerson Support.