The OpenSSL Project recently announced that certain versions of its network software are susceptible to a flaw that could compromise encrypted communications between Web servers and Web client software such as browsers. This issue has been covered widely in the press as the Heartbleed vulnerability.
At Signal, security is a topic we take very seriously. Therefore we want to inform you that Signal is actively following the situation and proactively evaluating the risk to our own systems so we can offer assurance to our clients with the highest level of confidence that our systems remain safe and secure.
While Signal does employ OpenSSL software, we are pleased to confirm that all of our systems are safe from the Heartbleed exploit because we were not running versions of the software that contained the flaw.
Additionally, Signal has initiated extra security checks to verify that our systems remain safe from infiltration or harm.
If you are a Signal client and have any questions, please contact your account manager for assistance.