As you may be aware, a major vulnerability has recently been discovered for OpenSSL, the popular encryption software that powers 2/3 of the web. Some LogMeIn services and products rely on OpenSSL, including the LogMeIn Free and Pro hosts used in our popular remote access products.
We take the security of our customer data very seriously and at this time have no evidence of any compromise, but like many web companies, our security team took immediate action to proactively address the issue.
We’ve updated the LogMeIn host and related services to close the vulnerability, and we’re advising that customers take the following precautionary steps:
1) Check to confirm you’re running on the latest version of LogMeIn.
You can do that by hovering your mouse over computers in your Central or My Computers page on the LogMeIn.com site
OR by right clicking on the LogMeIn icon in your systems tray and opening LogMeIn Control Panel and click on the About tab
Windows PC Mac
Confirm version number 184.108.40.20644 and above for Windows or version number 220.127.116.1145 and above for Mac
If you are using an older version, please click the Check Updates button in the LogMeIn Control Panel (as described above), and update the software.
2) Change your passwords on your Windows PCs or Macs. This is the for the login credentials on the computers themselves. You do not have to change your LogMeIn login password.
3) Take a minute to review our FAQ on the LogMeIn help site.
4) If you are a Pro user and use file share (“Share a file”), you should recreate your file share links; i.e. Delete any current/existing links and create new ones.
In addition, our security team continues to perform a rigorous diagnostic investigation to ensure the protection of our users, and will provide additional product-specific updates if necessary.