By now, many of you have heard of the severe Heartbleed security flaw in the OpenSSL library that was revealed earlier this week.
We have no reason to believe that this vulnerability has in any way been used to attack Phrase directly, but since it is almost impossible to tell, we recommend you to change the password of your Phrase user profile and refresh your project auth token.
Updating your password
To request a new password you can either:
- Use the “Forgot password” page. After entering your email address you will receive instructions on how to create a new password. Your old password expires automatically or
- Log into your account and update your password on your profile page
Refreshing your project auth token
Since your project auth token is a password itself, too, you should refresh this secret as well. To do so, please visit your project settings page and click “Renew Auth Token”. This will expire your old token immediately and assign a new secret to that project.
If you use the Phrase API or In-Context-Editor in any way, please don’t forget to update the auth token where necessary:
- .phrase file (for the phrase gem)
- In-Context Editor configuration
- Custom API client implementation
If you have further questions please contact us: firstname.lastname@example.org
Be sure to subscribe and receive all updates from the Phrase blog straight to your inbox. You’ll receive localization best practices, about cultural aspects of breaking into new markets, guides and tutorials for optimizing software translation and other industry insights and information. Don’t miss out!