On April 10, 2014, our CEO sent a message to all of our users regarding Heartbleed and the best course of action to protect your online accounts. As Heartbleed is going to be around for a while, it’s pertinent info that we want to (re)share with you here. See below.

 ————————————–

Dear Dashlane user,

By now you likely have heard about the Heartbleed bug. It has been in the news all over the world for the last 3 days. This is the most serious security issue the Internet has ever faced. As such, I feel it is important to write to you personally to make sure you are fully informed of the situation and its consequences.

A few things you should know right away:

  • Your Dashlane account is not impacted by the Heartbleed bug
  • Your Master Password is safe, as it is never transmitted
  • Your personal data, when transmitted, is always ciphered locally with AES 256, which is not affected by the Heartbleed vulnerability

The information you store in Dashlane is 100% safe, and you do not need to change your Dashlane Master Password. In addition, if you have been using unique passwords for most of your accounts – which Dashlane recommends and facilitates – you are probably less exposed to the consequences of the Heartbleed bug.

However, your passwords and other personal information may still have been stolen from any website affected by the vulnerability. In order to be as protected as possible, we recommend that you do the following:

  1. Immediately change the passwords for the accounts that are most critical to you (for example, your bank, your PayPal account, your email accounts…) by generating strong unique passwords using Dashlane
  2. Wait for an additional 10 days before changing any other passwords. You need to make sure all these sites have fixed the problem before changing your passwords
  3. In 10 days, go back to all your critical accounts and change the passwords a second time by generating strong unique passwords using Dashlane
  4. Then change all of the passwords of your less critical accounts in the same way.

The most important thing is to make sure you use different passwords on each and every website, because if your password is stolen on one site, it will not impact other sites. This was true before Heartbleed and is even truer today.

We’ll be sure to keep you updated about the situation, and want to thank you for protecting your data with Dashlane. Given the circumstances, there is no better time than now to tell your friends, colleagues and family to start securing their digital life by visiting www.dashlane.com today.

You can find more details in our blog at
https://www.dashlane.com/blog/security/dashlane-heartbleed-bug/

Emmanuel Schalit
CEO, Dashlane