If you’ve ever logged into a website, you’ve passed data over a secure connection. For the majority of websites on the internet (including Foursquare.com), that secure connection is powered by a thing called OpenSSL. On April 7, researchers discovered a flaw in OpenSSL. This vulnerability, called Heartbleed, could have allowed attackers access to any of the data passed over a ‘secure’ connection, like password information. (For more information on Heartbleed, read this.) For an overview of affected major sites, click here.
So what is Foursquare doing about this?
First, we’ve ensured that all of our systems, and the systems of vendors we use, have been upgraded to the patched versions of OpenSSL without the vulnerability. This task was completed within 48 hours of the vulnerability being disclosed publicly.
Second, we’ve recreated and re-deployed new SSL certificates and reset our internal credentials (basically, changed things that could have been compromised because of Heartbleed). We have also revoked our older certificates just to be safe. This task was completed by 7pm EST on April 10th.
As of right now, we have no indication that this vulnerability was used against Foursquare.com. That said, the nature of Heartbleed makes it hard to detect, so we’re encouraging great caution.
We recommend you change your Foursquare password (you can change it here). Frankly, we’d recommend you change your passwords on other websites, too.
If you’ve connected outside services with Foursquare, we recommend you disconnect and reconnect those (you can see connected apps here).
This is obviously a big issue for security on the internet. If you have any questions at all, just reach out to our support team @4sqsupport. We’ll keep you posted as things develop.