On Monday, April 7, a security vulnerability known as “Heartbleed” was discovered in the OpenSSL encryption protocol. On that same day, Quantcast’s engineering team confirmed that Quantcast.com, like half a million other websites, was vulnerable to the bug. In response, we updated our website to use the newly patched version of OpenSSL, and then pushed new SSL certificates to our servers and revoked our old certificates. All Quantcast services have been running updated versions of OpenSSL with new certificates since noon PDT on Tuesday, April 8.
While we have no reason to believe any information was compromised, it is generally a good practice for Quantcast.com users to update their passwords on Quantcast.com and, due to the scope of this vulnerability, on any sites where they might store important information. To change your password on Quantcast.com, while logged in, visit your account page, fill out the form, scroll to the bottom, and hit “save.” For more information, please reach out to us at firstname.lastname@example.org.
Posted by the Quantcast Engineering Team