By Eric Chan, CTO, BIll.com
Rest assured, Bill.com is not affected by the Heartbleed bug. With that news out of the way, we want to share some thoughts and additional information about security.
Every few months data breaches and security flaws become headline news. The general public often experiences them in a familiar pattern: news of the breach splashes across our screens; people worry about the consequences and perhaps take cautionary action; and then, most forget about data security until the next issues crosses the headlines.
At Bill.com, we take security seriously. We want our customers to know that we’re always vigilantly paying attention and taking pro-active measures to keep your data and transactions safe. We follow the latest news in security and quickly analyze how it affects you and our own systems.
We addressed the Heartbleed Vulnerability, in our latest community post written by our Vice President of Customers, Kathleen Long.
We invite you to join the conversation, submit your questions or concerns on our community forum.
Original Bill.com Community Post:
What you need to know about Heartbleed and Bill.com
Bill.com's engineering and security team assessed our servers and sites earlier this week. We are not impacted by the Heartbleed bug and we find no evidence that customer information was in any way compromised.
We are currently in the process of reaching out to all our vendors to ensure that they have taken adequate precautionary measures. If any vulnerabilities are identified that impact Bill.com customers, we'll definitely reach out and let you know. Your security is of primary concern to us.
These kinds of situations are one of the many reasons Bill.com recently implemented additional security (multi-factor authentication) on your account for higher risk account activities. In the event your credentials are ever compromised for any reason, this provides an extra layer of security for you and your account.
To protect yourself more fully, also think about your usernames and passwords. If you use the same username and password for Bill.com as you do for other services or sites, please change your password immediately. We provide some tips on selecting a good secure password here: https://answers.bill.com/app/answers/detail/a_id/1485
Additionally, you should check with your email provider to ensure that they were not compromised. If so, part of keeping your information secure is to keep your email secure. Most email services provide multi-factor authentication options. Your email provider can give you further guidance.
Bill.com will keep you up-to-date as more information is available.