Back to Blog

Heartbleed Vulnerability: Your Data Is Safe with Bullhorn

by on

By now many of you have read about Heartbleed – a flaw in the very commonly used OpenSSL open source encryption technology used by secure websites that collect sensitive data. We want to apprise Bullhorn customers of the following facts:

1. The Bullhorn ATS/CRM, MaxHire ATS, Sendouts ATS, and Bullhorn Back Office were NEVER exposed to the Heartbleed vulnerability. We use a different version of OpenSSL for our cloud-based products than the one that was affected. No users’ logins, passwords, or other sensitive information were exposed at any time and your information remains safe. However – if you are in the habit of using your Bullhorn password to log in to other websites, we recommend you stop this practice and use unique passwords for each of your major accounts (i.e. banking, email, etc).

2. Bullhorn Reach, which operates separately from all other Bullhorn products and is hosted on Amazon Web Services, was very briefly affected only because Amazon Web Services itself was affected by the vulnerability. Within minutes of being notified by Amazon that they had issued a patch against Heartbleed, Bullhorn Reach technicians re-keyed our SSL certificate and the website is now completely secure. As a matter of precaution, we recommend that Bullhorn Reach users change their passwords and do not share passwords for different sites.

If you have any questions about Bullhorn’s products and service security, please contact Bullhorn Support.

For more information on Heartbleed, we recommend you watch this excellent video: http://techcrunch.com/2014/04/08/what-is-heartbleed-the-video/?utm_campaign=fb&ncid=fb