The AAVSO Website and Heartbleed
As many of you have heard, a vulnerability was recently discovered in OpenSSL which allows attackers access to vast amounts of sensitive information on websites using this software. This vulnerability is called Heartbleed; if you're not familiar with it you can read about it here.
The AAVSO is currently in the planning stage to move towards securing our website through SSL. However, at this time, no portion of the AAVSO website is currently served using SSL; therefore, the OpenSSL vulnerability does not affect our website.
There is one exception: the AAVSO website uses a credit card payment gateway provided by Paypal to facilitate membership payments, donations, and other payments made to the AAVSO. As of the time of writing, we have verified that Paypal's payment gateway is not affected by this vulnerability.
What this means is that your data with the AAVSO is safe. However, if you use the same password on the AAVSO that you use on other websites, those other websites may have been compromised. If that's the case we recommend that you change your AAVSO password.