Request a Demo

Job Role
Inquiry Type

YES, I agree to receive, via email, information about Medallia solutions and success stories that show how industry-leading companies improve the customer experience and increase revenue. Read our Privacy Policy in the footer below.

Read our Privacy Policy

Thank You

Your message has been received and we will contact you shortly.

Medallia Not Vulnerable To Heartbleed Bug

As you have likely heard, a newly discovered security issue in the commonly-used OpenSSL security protocol — known as the Heartbleed bug — has caused serious concern. We are communicating this publicly to make sure that our clients and users know that Medallia is not vulnerable to the Heartbleed bug. No action is required — we are relaying this message only to assure our clients that their data remains safe with Medallia.

Here’s what’s happened at Medallia since the bug was made public: Our Operations team immediately jumped into action as soon as news of the vulnerability broke, reviewing all externally accessible infrastructure that utilizes OpenSSL in any way. This analysis determined that Medallia is not vulnerable.

Our Information Security team already conducts regular network vulnerability scans against all Medallia-owned networks and has now added a profile to specifically search for this vulnerability based on CVE-2014-0160. The scan reports have confirmed that Medallia is not running vulnerable versions of OpenSSL, but we will continue to run it daily as a precaution.

Even though client data is not at risk, Medallia will be rekeying and replacing all SSL certificates as an extra security measure. Again, if you are one of our customers, no action is required on your part.

Subscribe to our Weekly Blog Updates