On April 7 2014, new security vulnerability was reported in certain versions and components of the popular encryption suite “OpenSSL” utilized by many websites and service providers to establish secure communication over the Internet.
It is important to highlight that the OpenSSL vulnerability is not directly targeting LivePerson platform or core services.
Secure communication over the Internet is normally established over encrypted channels using SSL / TLS. The vulnerability in subject allows potential stealing of information protected by the SSL/TLS encryption.
As soon as we became aware of this vulnerability, a dedicated Security Incident Response Team (SIRT) has been established to assess the potential impact on LivePerson services (if any) and prevent potential impact to our customers and services by patching vulnerable systems (if such exists).
Based on assessment and testing, we were able to determine that our core Internet facing services are not vulnerable or impacted by the OpenSSL weakness.
If you have any questions please contact your Account Team or LivePerson Support.