On April 7, “Heartbleed”, a critical vulnerability in the OpenSSL library, was publicly disclosed. OpenSSL is used to secure Internet traffic for a very large percentage of the Internet’s websites.
At SF Fire Credit Union, we have been working to assess the impact for our members in the wake of the discovery of the Heartbleed bug. First, we are happy to report to you that our online and mobile banking systems are not impacted by this vulnerability as they do not utilize the technology that featured this bug.
Like approximately 50% of all the internet’s websites, SF Fire Credit Union’s public-facing website (our non-online banking website) uses the open source Apache web server, which utilizes OpenSSL – but the version of OpenSSL being used on our web server was not vulnerable to the Heartbleed bug.
Please note that any website that may be reporting ours as vulnerable is incorrect. These sites (i.e. LastPass, etc.) are looking to see if we are running Apache or nginx as our web server and making an assumption that we could be vulnerable. As mentioned above, we are running Apache, but we were never vulnerable to the Heartbleed bug.
Even though your member information remains secure with SF Fire Credit Union, many of the Internet’s most trusted websites were vulnerable to Heartbleed. If you reuse your passwords in multiple places, you will likely need to change your passwords on websites that were impacted by this bug after the fix is in place for those websites – many websites, however, have yet to apply the fix for the bug.
If you use your SF Fire Credit Union Online & Mobile Banking password on other websites, we do recommend that you change your password in Online or Mobile Banking, and not reuse that password on other websites.
As always, if you have any questions or concerns, please feel free to reach out to our Call Center at 888-499-FIRE or via Web Chat.