You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed, formally called CVE-2014-0160, has been discovered. This vulnerability represents a potential security threat to many websites. By exploiting this vulnerability, malicious individuals have accessed sensitive information of people actively using websites, such as usernames, passwords, or credit card numbers. You should be aware of suspicious activity on any of your online accounts.
Sensitive personal data held via University of Toronto Libraries’ websites was not exposed to the Heartbleed bug. We have reviewed our potential exposure to the threat and have deemed our online spaces secure. As a precaution, we recommend all library users update any passwords to online accounts.
As a precaution, we are taking the following steps:
- Installing new SSL certificates based on a new private key
- Revoking old SSL certificates
For more information
Digital Communications Services Librarian
Information Technology Services | University of Toronto Libraries