Yesterday, a very serious bug in OpenSSL was disclosed and fixed. The bug is known as Heartbleed and allows an attacker to remotely read raw memory from a web server using OpenSSL to serve TLS-encrypted traffic.
Upon learning of the vulnerability, Braintree immediately patched all exposed servers with an updated version of OpenSSL yesterday afternoon. While we have no evidence to believe that any SSL certificate or private key material was accessed, as a precautionary measure we are also in the process of replacing all of our SSL private keys and certificates on affected hosts. We are working as fast as possible, but the process of re-issuing certificates and validating them against our client libraries takes some time to complete to ensure no interruption in service.
No changes to merchant integrations will be required as a result of these updates.