Engineering Extra extra

Important security news from Doodle

Earlier this week a vulnerability in the OpenSSL library was disclosed. Doodle uses this library to encrypt data transmissions like many other Internet services. Therefore Doodle might be affected by this issue. Learn more about the vulnerability on heartbleed.com.

First and foremost we want to express that all Doodle systems have been updated after the disclosure and the issue is therefore resolved on doodle.com.

There are no signs that the vulnerability was exploited to tap into Doodle’s data transmissions. However, due to the nature of the vulnerability this cannot be completely ruled out, though.

We want to emphasize that NO credit card data could have leaked via Doodle as this data is sent directly to our billing provider from your browser.

As a precaution we recommend that you reset your passwords and reconnect your calendars:

Do not hesitate to contact our support team in case you have any questions.

13 comments on “Important security news from Doodle

  1. marc zaharchuk

    Thanks for the security briefing on the resent news events

  2. Marianne

    How do I change the email address that my account is under? I want to get rid of aol ans switch to my gmail account?

  3. I use my Google (or Facebook) account to connect. Am I impacted by heartbleed on doodle.com other than the issue with the other provider (Google or Facebook) ?

    • In this case you don’t have to change you password on Doodle. You should consider changing your Google or Facebook password, though.

      Your Doodle team

  4. Est-ce que vous répondez également en français?
    Merci

  5. I do not have any credit card account associated to my Doodle account. Do I need to change my Doodle passwords too?

    • Dear Helen
      we recommend you to change your passwords generally every few weeks and to use secure passwords.

      Your Doodle Team

  6. I did not need a password until now! should I?? Is it only for certain functions?
    I only use Doodle to plan meetings….

    • Dear Lucienne,
      no need to use a password for Doodle while planning meetings, a password is needed for the Premium Doodle functionality.

      Your Doodle Team

  7. alanplum

    Did you verify that your payment processor was not vulnerable to the exploit (i.e. had the heartbeat feature disabled or used an older version that did not support it)? Otherwise it seems a bit dangerous to claim that your customers’ credit card data is safe, whether your vulnerability could ever have affected it or not.

Leave a Reply

%d bloggers like this: