The Heartbleed Effect on EdTech

You’ve likely heard about a widespread security bug discovered this week called Heartbleed, and might be wondering what it means for Gaggle and our users. Fortunately, really nothing at all. All of the services that Gaggle provides, including our student and teacher tools and email, were never exposed to the bug.

Heartbleed brought to light a serious vulnerability in a popular open source set of tools known as OpenSSL, which can be found on two-thirds of all websites using secure encryption. Here’s a non-technical explanation of secure encryption: When you go to a website with a web address that includes “https” rather than “http,” you’re more than likely connected using OpenSSL so passwords and other sensitive information can be sent safely back and forth between your computer or device and that website.

The vulnerability discovered earlier this week resulted in possible memory leaks that could contain usernames, passwords, email and business critical documents and communication―or nothing―all without leaving a trace.

“If any of our customers use the same password for Gaggle and another website that is known to be vulnerable to Heartbleed, we strongly recommend to them that they change it as soon as possible,” said Chris Moates, Gaggle’s lead system administrator. “If your password is unique to Gaggle, then there is no need to change it right away, but we still encourage you to change your password routinely.”

To change your Gaggle password:

  • Login to your account.
  • Click on the “My Account” link in the upper right corner of the page.
  • In the “Basic” tab, enter a new password and then retype it in the field labeled “Retype Password.”
  • Click “Save.”

While Gaggle was not vulnerable to Heartbleed, we remained very vigilant to assure your safety. Our team of system administrators and software developers did its part to eliminate any future risks to assure that you and your students remain safe.