A major security vulnerability called Heartbleed was announced earlier this week. Heartbleed affects a large portion of websites on the internet that use OpenSSL to encrypt web pages (pages that start with https) and other communications. Sites affected by the security vulnerability could have user login credentials and other personal information stolen.

Faculty/Staff: You must change your Butler password by 5:00 p.m. on Wednesday, April 16 or your account will be locked and you will lose network access. At that point, if you haven’t set up security questions or secondary contact info at password.butler.edu, your only option to regain access will be to contact the Help Desk for assistance. We anticipate a heavy volume of calls and appointments due to this issue, so wait times will be significant should you not change your password before the deadline.

Students: IT strongly recommends that you change your Butler password.

You can easily change your password by visiting password.butler.edu. You can also add a phone number and/or alternate email address to provide additional ways to change your password in the future. Once you have changed it, be sure to update your password on everything you use to connect to the Butler network (smartphones, tablets, laptops, Mac keychains, etc.) so that you can continue to access wireless and email from all of your devices without any problems.

While we have no evidence that any Butler sites have been compromised using this bug, IT staff members have been working around the clock since Tuesday to update systems that use this type of encryption. As of this morning (4/11/14), we have completed this task. Again, we have no reason to believe that a breach of any kind has occurred, but it is important to note that this bug has existed for two years prior to its discovery and disclosure, so it is a good idea to take precautions to protect your information.

Given the circumstances, we also strongly recommend the following:

  1. Do NOT use your Butler password as a password for any other sites, as those sites might not be secure.
  2. Change your passwords for personal accounts on the web, but before doing so, watch for an update from those websites advising that they have fixed the problem. Click here for a helpful list of affected websites.
  3. Keep these National Cyber Security Alliance password tips in mind as you update your information, including using different passwords on every website. That way if one of your website accounts is compromised, it won’t impact others. Again, it is critical that you do not use the same password at Butler as you do with any other accounts online.
  4. For more information about cyber security and general tips on how to protect yourself online, visit www.staysafeonline.org. You can also find helpful info at www.butler.edu/it/safe.

Should there be any critical updates to this alert in the future, we will share those with you accordingly. If you have any questions or concerns, please contact the IT Help Desk at 940-HELP (4357).