A major security vulnerability named Heartbleed was discovered on April 7 and has the potential to impact all Internet use between users' computers and servers that use Open SSL (Web pages that start with https). The security vulnerability permits the theft of account information, including userID and passwords, in addition to any data shared between the user and the server that would normally be protected during the session.
We would like to inform the Pacific Community that the Office of Information Technology is aware of the Heartbleed bug and has been actively scanning and updating our servers, where appropriate, to address any vulnerabilities.
At this time, there has been no evidence that a Pacific website has been compromised.
Presently, Pacific is not asking users to change their PacificNet passwords. However, we urge Pacific users of popular services, such as Google, Yahoo, Facebook, iCloud, Evernote and Twitter, to subscribe to multifactor authentication within those services to enhance account security. As a reminder, your PacificNet password should be unique to your PacificNet ID and not used for any other online service. If you have used your PacificNet password for any other online service, it is recommended that you change your PacificNet password immediately.
For information on how to change your PaificNet password, please visit the OIT FAQ on how to use Pacific's Locksmith service: http://oitfaq.pacific.edu/index.php?action=article&id=302
For more information about Heartbleed, please visit: http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/heartbleed-what-you-should-know/
More technical information can be found in the Qualys SSL Testing site (https://community.qualys.com/blogs/securitylabs/2014/04/08/ssl-labs-test-for-the-heartbleed-attack).
Additionally, both Chrome and Firefox web browsers have a plugin/extension available to warn you if a site you are visiting is vulnerable to Heartbleed.