By now you’ve probably heard of the major encryption bug that was made public last week, named Heartbleed. We fixed everything the day the bug became public. There is some risk that your password could have been stolen and your communication with riseup monitored or interfered with. You will need to change your password. If you want to know more there is a good summary at: https://mayfirst.org/may-firstpeople-link-statement-heart-bleed-security-flaw (link in english and spanish)
There have been reports (and also denials) that the NSA knew of this problem for two years. If they did, by our calculations, the worst case scenario is that they could have compromised our communications for approximately 11 months. Yeah, ugh :(
Details about the new security certificate (and Tor hidden services names) are listed on the riseup homepage in the ‘system updates’ section.
You need to login to user.riseup.net and change your password. Do this right away.
In Solidarity, Riseup
NOTE: Remember that riseup will never, ever, ask you to send us your password, or to click on a link where you provide your password.