As you’ve probably read during your recent Internet travels, an OpenSSL vulnerability was uncovered that puts server data at risk. Many prominent sites have since corrected the issue, dubbed Heartbleed, and its been advised that web passwords be changed. Yet, LogMeIn just reached out with an interesting twist — they believe their server infrastructure to be sound at this time and don’t require a cloud password change. Yet it’s possible our local computer passwords were put at risk, given how data is relayed:
The real world risk of compromise based on this vector is probably minimal, especially if you use distinct usernames and passwords. But consider this an Ides of April PSA: Update your LogMeIn client software and contemplate changing your computer account password as LogMeIn continues to evaluate their (our) exposure:
In addition, our security team continues to perform a rigorous diagnostic investigation to ensure the protection of our users, and will provide additional product-specific updates if necessary.