Security Update Concerning OpenSSL Heartbleed

We take the security of your data very seriously at Illumina.  As one of many safeguarding measures, BaseSpace uses encryption software to ensure the privacy and security of both your user login information and your sequencing data as it travels from Illumina’s sequencing instruments into our cloud environment.

Recently, a security threat with a common encryption library that is widely used by many websites (including BaseSpace) was found to have a major vulnerability in it.  The security threat was published on April 7th, 2014 for the “OpenSSL” library (CVE-2014-0160 ) and quickly came to our attention.  The vulnerability, nicknamed “Heartbleed”, had the potential to allow an attacker to steal private keys or other sensitive information that is normally encrypted via SSL.  The nickname came about because of the way an attacker could gain access to a server’s memory through the “OpenSSL” specific heartbeat protocol.

Once we assessed the situation we quickly worked with our platform vendor and internal teams to ensure the following was completed:

  • All affected servers were patched with the updated/non-affected version of OpenSSL.  This was completed less than 24 hours after the announcement.
  • All of our public facing SSL certificates were replaced.  All of the old SSL certificates are now being revoked.
  • All login sessions older than 24 hours were automatically invalidated.

We have no information that knowledge of this vulnerability was used against BaseSpace or its users.  However, as with all websites that have updated their OpenSSL libraries, we encourage everyone to change their BaseSpace password.  You should also check your notification history for any suspicious activity.

At BaseSpace, protecting your data is our top priority, and we continue to assess the risks in response to this issue.  We have and will continue to work together with our infrastructure provider, Amazon Web Services, to ensure that all of our services respond quickly to security threats.

For further information about BaseSpace data security, please see our Data Security Technical Note.  If you have any questions or concerns, please feel free to contact support.

Technical Support
Monday – Friday
7:00am – 5:00pm (PT)
858.202.4766 (Fax)
TechSupport@illumina.com
customerservice@illumina.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: