So, it turns out that there's a pretty serious vulnerability in OpenSSL
, and a large section of the web is affected. Until this morning, so was TR.
We've updated the version of OpenSSL running on TR to address the problem. According to the Heartbleed test
, we are no longer vulnerable.
However, if you have an account here, we strongly recommend updating your password. We cannot guarantee that some user passwords haven't been sniffed. If you use the same password on another site, it may be a good idea to change it there, too—so long as that other site doesn't fail the Heartbleed test.
Credit card information for subscribers was not compromised
. That information never traveled through our servers, nor was it ever stored there. All credit card information for TR subscriptions was and will continue to be handled solely by our payment processor, Stripe. When we offer to "save" your credit card information, we're simply saving a reference to the card in Stripe's database.