By now you’ve probably heard about the Heartbleed security flaw in OpenSSL’s heartbeat extension that has affected many prominent sites.

Thankfully, private Vimeo account details were not compromised by Heartbleed.

We do use OpenSSL in some areas of the site, but these areas do not touch private information and have already been updated since the flaw was detected.

It is completely safe for you to change your password on Vimeo and we strongly recommend doing so if you use the same password on Vimeo and sites that were impacted by the Heartbleed flaw, such as Yahoo, Tumblr, Google, Facebook, or Amazon.

If you’d like to know more, here’s an explanation of what Heartbleed is and how it works:

+ More from the Staff Blog Archive

46 Comments

Elastica Inc

Elastica Inc PRO

Hey Jo, we've got an answer for you!

The level of communication has varied from provider to provider. The challenge, in many cases, is to first understand the ramifications of the vulnerability internally before communicating that information to customers externally. That said, I think with situations like this, it's important to be proactive and provide customers with guidance up front. Heartbleed was not a minor issue, but impacted every Internet user.

Jo Fergus

Jo Fergus

Thanks for the clear and well-measured response.
I can only hope that others could be as proactive and communicative.

Darnell Witt

Darnell Witt Staff

We use proprietary SSL implementations in some areas of the site and OpenSSL in others. We’re always evolving to improve security and stability.

Elastica Inc

Elastica Inc PRO

So glad to hear Vimeo accounts weren't affected. We're big fans at Elastica :) Thanks for sharing our video Alex; we're happy to be spreading knowledge and helping people understand what this Heartbleed flaw is all about.

- Elastica Team

Alex Dao

Alex Dao Staff

Thanks for your clear explanation! I'm so glad I came across it. :)

Zeffiron

Zeffiron

Thanks for the warning, I hope everything goes well, and the accounts stay safe :

Alexis Saravia

Alexis Saravia

If you login with Facebook and have already changed that password, you don't need to change it again on sites with facebook logins right? Multiple sites that use google as a main login included in this question. Thanks a bunch.

Matt Schwarz

Matt Schwarz Staff

If you have a separate password for Vimeo, then we suggest you change it. If you've never set a password on Vimeo, and only log in through Facebook, you should be OK.

Brian Bowling

Brian Bowling

Nice explanation. A tiny bit heavy handed on the histrionics though.

Thomas Bowles

Thomas Bowles

This video was extremely informative and was to motivated by your words, expressions and nomenclature. Thank you.

Mitesh

Mitesh

Great explanation..

Emmett Fitzsimmons

Emmett Fitzsimmons Plus

Getting real tired of changing my password every few weeks because of another issue with hackers....

Franklin A Gonzales

Franklin A Gonzales

As of now I'm not informed about it. But if you received my automatic monthly payment on March 18, 2014 and yet my videos are not displaying while my yahoo website was still displaying up to April 3, 2014 -- I am left hanging until I know who was the possible hacker. I can't proceed on monthly payment with Vimeo and yahoo until the possible hacker is not solved. As I posted in facebook, I will deffer everything until I am satisfied with what doj.gov.ph can do with my complaint I will submit to them. Thank you if you read this comment.

Tommy Penner

Tommy Penner Staff

Yes, I saw this comic and found it to be the easiest way to understand what the fundamental issue is of Heartbleed. Really helpful!

joezachs

joezachs

Thanks Richard.... better explained

Elastica Inc

Elastica Inc PRO

If anyone still needs guidance on what you need to do to best safeguard your data, we actually just posted a new Vimeo video which gives tips that should help:

"#Heartbleed Flaw: Best Practices for End Users”—give it a watch! vimeo.com/91943418

Amanda Spain

Amanda Spain Plus

My videos were password protected and yet they were downloaded by people in Thailand and Israel. I only gave the password to my client (New York based and he definitely didn't give it out). So I am not sure the site wasn't compromised. Anyone else notice this?

Matt Schwarz

Matt Schwarz Staff

Looks like you're talking with Andy. He'll be sure to get your issue to the right person ASAP.

Shiply

Shiply PRO

Glad to hear that Vimeo wasn't affected by this nasty Heartbleed issue.

Hector Uribe

Hector Uribe Plus

I have been trying to upload a video for about 10 hours and is have not been able to finish the process. Is there anything happening at Vimeo? This is the first time that it is taking so long. I even upgrade my Internet package but there is little difference. Please help.

joezachs

joezachs

That was informative. Better to be safe.

Meria

Meria

Good to know. Thanks. :)

This conversation is missing your voice. Please join Vimeo or log in.