my-devices.net and Heartbleed
On April 7, a team of security researchers found a critical bug in some versions of OpenSSL that allow an attacker to read random memory regions of affected server processes. This issue is widely known as Heartbleed, and more formally as CVE-2014-0160.
Immediately after becoming aware of the issue, we have checked the server hosting reflector.my-devices.net and we’ve found that the server was using an affected version of OpenSSL. We have updated the OpenSSL version on the server on April 8, and also installed a new private key and certificate for the server in the meantime. As an added security measure, we recommend everyone having an account on the server to change the password.