As you may have heard, the OpenSSL Project issued a Security Advisory on April 7th. The alert was regarding a possible weakness in encryption software used by two-thirds of all web servers in the world.
Nicknamed “Heartbleed”, the issue could potentially allow attackers to retrieve information from encrypted SSL endpoints.
We take security very seriously, and as of 11 am PDT on April 9th we have completed the necessary fixes to eliminate these vulnerabilities. This includes patching all web infrastructure possibly affected by Heartbleed. The team has scanned our infrastructure and found no other points of potential vulnerability, and we’ll continue to actively monitor the situation.
Although we have no evidence of any oDesk accounts being affected, as a precaution and best practice we do strongly recommend that you change your password.
VP, Technical Operations