On the evening of April 7, 2014, the world became aware of a major flaw in how secure transactions are handled on the Internet. The flaw, known as the OpenSSL Heartbleed bug (CVE-2014-0160) enables the decryption of secure traffic by unauthorized third parties.
While the bug affected over half the servers on the Internet, most companies, including Colgate, acted quickly and patched their systems. ITS began patching systems promptly on the morning of April 8; all systems were patched by 10:00 PM EST. ITS has no indication that our systems were compromised.
In staying true to our word that we will never contact you via phone or email to change your passwords, ITS chose not to send a mass-email alert with a link to our password page.
What should I do?
The vast majority of secure traffic and transactions on the Web are encrypted using the SSL protocol. Everyone who uses the Internet or mobile apps for banking, shopping, communicating, sharing, or storing information may be at risk of having their information, including passwords, revealed to a third party.
That said, this bug has potentially serious consequences and ITS advises all users to change their passwords for personal services they use on the Internet.
For more information about Heartbleed, see our initial blog alert at: