We have secured our infrastructure from Heartbleed, a serious OpenSSL vulnerability that caused security on most of the internet to virtually evaporate overnight (good post by the New York Times). There is no indication that any data on Mapbox was compromised as a result of Heartbleed, but as a precaution, we strongly suggest that you reset your Mapbox password.

Here is a summary of how our engineering team addressed the vulnerability:

  • We logged you out of Mapbox.com–you will be required to login again on your next visit.
  • All services were reviewed and updated immediately.
  • We rotated our SSL certificates and all other security credentials.
  • We reviewed all third-party services and worked with their teams to ensure that proper steps were taken to patch their vulnerable services and rotate their credentials.

If you have any questions regarding Heartbleed or anything else, send us a note at help@mapbox.com.