Earlier this week a vulnerability in the OpenSSL library was disclosed. Doodle uses this library to encrypt data transmissions like many other Internet services. Therefore Doodle might be affected by this issue. Learn more about the vulnerability on heartbleed.com.
First and foremost we want to express that all Doodle systems have been updated after the disclosure and the issue is therefore resolved on doodle.com.
There are no signs that the vulnerability was exploited to tap into Doodle’s data transmissions. However, due to the nature of the vulnerability this cannot be completely ruled out, though.
We want to emphasize that NO credit card data could have leaked via Doodle as this data is sent directly to our billing provider from your browser.
As a precaution we recommend that you reset your passwords and reconnect your calendars:
- Change the password for your Doodle account. Reset your password here
- If you connected an iCloud calendar to Doodle you should also reset your iCloud password and reconnect your calendar. Learn more about how to reset your iCloud password
- You should also reconnect your Google Calendar and your ICS feeds. Learn more here
Do not hesitate to contact our support team in case you have any questions.
Thanks for the security briefing on the resent news events
How do I change the email address that my account is under? I want to get rid of aol ans switch to my gmail account?
Dear Marianne
Our support is happy to help you with all your questions. Please contact us at http://doodle.com/en/help/contact-form
Your Doodle Team
I use my Google (or Facebook) account to connect. Am I impacted by heartbleed on doodle.com other than the issue with the other provider (Google or Facebook) ?
In this case you don’t have to change you password on Doodle. You should consider changing your Google or Facebook password, though.
Your Doodle team
Est-ce que vous répondez également en français?
Merci
Dear Yi,
Our support is happy to help you with all your questions – however we do need your questions in English or German language, feel free to contact us at http://doodle.com/en/help/contact-form
Your Doodle Team
I do not have any credit card account associated to my Doodle account. Do I need to change my Doodle passwords too?
Dear Helen
we recommend you to change your passwords generally every few weeks and to use secure passwords.
Your Doodle Team
I did not need a password until now! should I?? Is it only for certain functions?
I only use Doodle to plan meetings….
Dear Lucienne,
no need to use a password for Doodle while planning meetings, a password is needed for the Premium Doodle functionality.
Your Doodle Team
Did you verify that your payment processor was not vulnerable to the exploit (i.e. had the heartbeat feature disabled or used an older version that did not support it)? Otherwise it seems a bit dangerous to claim that your customers’ credit card data is safe, whether your vulnerability could ever have affected it or not.
Yes, we did. We were in contact with our payment processor the whole time and they confirmed it.