Warning — Your VPN may be Compromised

Openvpn & Heartbleed bugHere at VPNaccounts.com, we are constantly stressing the fact that you need to use care in choosing your VPN provider. We pride ourselves on using the safest protocols in providing your VPN service. This fact has become even more important in recent days with the revelation that the Heartbleed virus may have compromised many big VPN providers who depend on OpenSSL (open source encryption) to deliver their services. Almost two-thirds of the world’s servers are believed to have been affected by the Heartbleed bug.

What is the Heartbleed virus?

The Heartbleed bug is a vulnerability in the encryption technology known as SSL which helps to secure data transmissions on the Internet. The Heartbleed bug only affects the open source variant of SSL, known as OpenSSL, but the problem is that this variant is used by two of the most popular server platforms, Apache and nginx. Because of the security flaw discovered in OpenSSL, any information transmitted across these platforms is now at risk. This includes credit card numbers, passwords, and numerous other sensitive data. To give you an idea of how serious this threat is, Tumblr (Yahoo’s blogging service) uses OpenSSL. Many other large websites use the flawed software, including Yahoo Mail and Flickr.

Is my VPN safe?

If you are one of the many customers served by VPNaccounts.com, you can take comfort in knowing that we DO NOT provide OpenVPN services which relies on openSSL (OpenVPN uses OpenSSL as its crypto library by default and thus is affected too). The VPN you purchased from us is not vulnerable to the heartbleed bug.

However, for many big VPN providers. Here is a list of just some of the VPN services which have been determined to be vulnerable to the Heartbleed virus as they rely heavily on using OPEN VPN. Their services are mainly openVPN based. You can read more about how OpenVPN is affected by the open SSL vulnerability to the heartbleed bug here.

  • Hidemyass.com
  • Strongvpn.com
  • PureVPN.com

The fact is, many of the major VPN providers use OpenSSL as a security platform and are now potentially compromised by the Heartbleed bug. This means that any data you have transmitted across these platforms might now be at risk! We repeat, if you have used one of the aforementioned VPN services in the past, you must take measures now to prevent the possibility that someone will access your data.

Why VPNaccounts.com is safe from Heartbleed

When we began offering VPN services, our company committed itself to the highest standards of encryption technology. This means that we only deal with secure protocols like PPTP, I2TP, and SSTP. If your VPN provider is not offering these protocols, beware. At this very moment your data could be exposed to hackers and information thieves. If they offer alternative to OpenVPN then you are ok.

This is why we always stress the importance of trusting your VPN provider. Because VPN’s have become so very popular of late, many websites have appeared which promise secured data transmission via VPN. A large number of them use the OpenSSL platform and are now potentially compromised. Be especially careful with web-based proxies and VPN’s that offer free service. Almost all of these use the open source encryption technology.

What you need to do right now!

If you have been using a VPN provider that is potentially compromised by Heartbleed, there are some immediate steps you need to take.

  1. Stop using the compromised VPN. A fix for Heartbleed will be rolling out, but some providers are being slow to implement it. Do not use these compromised VPN connections while there are still concerns about vulnerabilities.
  2. Secure a new VPN from VPNaccounts.com. With our safe and secure protocols, we can have you up and running with a secure VPN in a matter of minutes.
  3. Change your important passwords. Think about how many websites you visit in a given day? If any of these sites use the OpenSSL, your passwords could be exposed. One tester reported being able to view multiple Yahoo Mail passwords because of Heartbleed. To be safe, you need to change your passwords right now. It is a good idea to change them for all of your sites, not just those which have been verified as vulnerable to Heartbleed.