Updated April 9, 2014
On April 7, an internet-wide security vulnerability was reported in OpenSSL, the software used to encrypt web communications on the majority of e-commerce sites. You can find out more about this bug, called Heartbleed, at the Wall Street Journal, CNET and the Guardian.
The Kiva team responded promptly to this alert, patching the security vulnerability on Kiva's website within 24 hours. We will continue to take steps to ensure the security of our users’ information, including reissuing encryption certificates and resetting passwords for all our administrative accounts.
Kiva does not store any payment information on the Kiva site. PayPal, the provider Kiva uses to process payments, issued a statement Wednesday saying customer information was "not exposed to the OpenSSL vulnerability," and that "PayPal account details remain secure."
If you are concerned about the information stored on Kiva, such as your email and Kiva account password, or about the security of your Kiva Credit, you can take the extra step of resetting your password. If you use Facebook to sign in to Kiva, that may mean resetting your Facebook password.
At Kiva, the security of our users' information is of the utmost importance to us. We'll continue to update you on this blog should any additional security steps be deemed necessary.