Heartbleed: We’re Not Affected. Here’s What You Can Do To Protect Yourself

AWeber has not been affected by the major security bug, Heartbleed. Find out if other sites you use were affected by it and what steps you should take next.

By now, you’ve probably heard about Heartbleed. It’s a major security bug believed to affect about 17% of all (supposedly) secure servers on the Internet.

There’s a good chance you’re wondering whether AWeber.com and other websites you use have been affected.

So let’s talk about it.

AWeber: Not Affected

When we found out about Heartbleed, we quickly verified whether we were affected.

All of our servers were secure and not affected by the Heartbleed bug.

Now that we’ve got that out of the way, let’s talk about what you can do to protect yourself now and minimize the risk of future events like Heartbleed affecting you.

Why It’s Still a Good Idea to Change Your Password

First of all, even though AWeber was not affected, we recommend that you change your account password.

Why do we recommend changing your password, even if AWeber wasn’t affected?

Changing your password from time to time is a good security practice, and an event like Heartbleed is a reminder to do this.

Plus, you might also have been using the password for your AWeber account as your password for some other website that was affected by Heartbleed.

So go do that now. Here’s the link.

How to Find Out if Heartbleed Affects You

Next, you should find out what other sites you use that were affected by Heartbleed.

There are a few free resources available to help you with this:

Get a Password Management Tool

Are you using the same password for multiple websites?

If so, it’s time to stop doing that and protect your digital self better.

There are a number of high-quality password management tools that will help you keep track of your various passwords.

In some cases, you can even automatically fill in the login and password you need for a site with a simple keyboard shortcut. So there’s really no reason to re-use a password on multiple websites.

Here are a few password management tools:

We like and use 1Password extensively at AWeber, but whatever your choice is, pick one and get in the habit of using it and setting up unique passwords for your online accounts.

More on Heartbleed

If you want to learn more about the Heartbleed bug, check out these pages…


  1. Andy Beard

    4/15/2014 11:04 am

    Hi Justin

    I don’t think this covers all situations, even if you don’t use OpenSSL

    For instance if you are using Aweber API on a server affected by Heartbleed, then surely your API credentials for all services used from that server are potentially compromised.

    Thus generating new credentials is being advised by many “unaffected” services.

    On a separate note the headers for this blog suggest you are running some really out of date WordPress & plugin code


    Your blog is currently running WordPress 3.4 and All in One SEO

  2. Tom Kulzer (AWeber CEO)

    4/15/2014 9:51 pm


    If someone was making connections to the API via a HeartBleed affected server, it’s surely a good idea for them to change their application’s authorization credentials. This post was meant to directly address whether our servers were vulnerable, which they were not.

  3. Valerie Hayes

    4/16/2014 2:56 pm

    Thanks for the info. I have a question regarding password management tools. Not sure which system I’m using, but when I go to most sites that I have to login, my un is there and my pw is in dots. All I have to do is click “Login”. Whats to keep someone who hacks into my computer (esp when I am using an airport or other wifi) from getting into those secure sites? I do have several different passwords and it’s convenient to use a pw manager, but is it really safe?

  4. Robert

    5/7/2014 8:19 am

    Great summary Justin. I would just add another password manager to the list – Sticky Password – http://www.stickypassword.com – I use it for a long time and I have found it very useful.

  5. Mike

    5/11/2014 9:14 am

    Yes Robert, you have riight. I use Sticky Password too.