Time Tracking & Productivity Blog

Heartbleed and Freckle

Thomas Fuchs

tl;dr Freckle was patched on Monday within hours of public knowledge of this security problem. We recommend that you change your password and API token.

On Monday afternoon (April 7, 2014, ET), the Heartbleed bug (CVE-2014-0160) was made public. It is a very serious security problem with the way web servers (like Freckle) handle encrypted data. (For a non-nerdy explanation see this XKCD comic!)

This vulnerability affects a large number of web sites and applications, from big ones like Google, Facebook, Yahoo, Twitter, GitHub, your bank and so on down to smaller services like Freckle.

The gist is that an attacker could have read some encrypted data, including passwords and other sensitive information, and could have impersonated other people and logged in to their accounts. Unfortunately, there’s no way to know for sure whether we’ve been affected. _We do not have any indication that any Freckle data was exposed._

We take your data security very seriously, and immediately dropped what we were doing to fix this problem.

Steps we’ve taken to fix this problem: (warning, nerdspeak ahead!)

Steps we advise you to take:

If you have any questions, please contact us at [email protected].

Thomas’ work on Prototype.js, Zepto.js and Micro.js has made him a certified JavaScript Guru. Before founding Freckle, Thomas was consulting with some of the world’s best known companies on their craziest interactive JavaScript needs. A Ruby on Rails core alumnus, he is passionate about creating the best user interface experience possible and penned the Scriptaculous JavaScript UI library to share the love, counting sites like Apple.com and Nasa.gov among its users. Thomas’ master plan: work toward a more delicious web using open source goodness.