Accessibility links

|

Sign In
Basket
Basket
  • Home
  • News
  • HeartBleed Bug: An important update from the ROH

HeartBleed Bug: An important update from the ROH

Why changing your ROH website password is strongly advised.

By Rob Greig (Chief Technology Officer)

30 April 2014 at 1.08pm | 10 Comments

As you may be aware from the news, a security bug called HeartBleed has recently been discovered affecting thousands of websites across the world, including some of the world’s biggest companies such as Google and Facebook.

The bug has also partially affected one of the technologies that the Royal Opera House website uses, although we have no reason to suspect that the Royal Opera House website was compromised and our servers have been updated to fix the issue. We fixed the issue as soon as it was published, and have been working to ensure our website is as secure as possible. The bug did not affect credit card details because credit card information is managed using a different technology.

You have also probably heard from other companies asking you to change your password on their website. As a precaution we would recommend that you change your ROH website password in your account by signing in, selecting your username in the top right of the screen, then clicking ‘password’.

For further information on the bug and how to create a secure password, BBC News have a useful piece on password security.

By Rob Greig (Chief Technology Officer)

30 April 2014 at 1.08pm

This article has been categorised Off stage and tagged HeartBleed, security, website

This article has 10 comments

  1. adam baillie- responded on 30 April 2014 at 6:49pm Reply

    I've tried to change my password on the ROH website: it won't let me. I enter my old password, type in a new one, confirm the new one, and back comes a message saying password not vald. help.

    • Ellen West (Head of Online Content) responded on 2 May 2014 at 8:02pm

      Hi Adam

      Is your old password correct? I'd check that for starters. If it is, then maybe try varying the characters in the new password - perhaps there is something that the site won't accept. Let us know if you continue to have difficulties.

      Best wishes

      Ellen

  2. Jim Hampton responded on 30 April 2014 at 10:04pm Reply

    Rob

    Sending out an email with a link in to change password is bound to be regarded as suspicious.

    I would urge you to issue a note that directs people to your website rather than asking them to click on a link.

    The link itself dies not go to you site so is probably a phishing attempt?

    Copy of link

    http://tracking.wordfly.com/click?sid=ODBfMTQyMjNfOTEyNTc0XzcxNDY&l=5385adf3-64d0-e311-89d8-e41f1345a46a&utm_source=wordfly&utm_medium=email&utm_campaign=2014_Apr_HeartBleed_Bug_Notification&utm_content=version_A&emailsource=19579

    You have been hacked?

    • Paul Spear (Content Producer (Marketing)) responded on 1 May 2014 at 10:44am

      Hi Jim,

      Thanks for your comment, you are right to check. The extra code in the url you are seeing is the tracking code generated by Wordfly (the email service we use). The link is safe, sorry if we caused any concern.

      Best wishes
      Paul Spear
      Digital Producer

  3. Ann responded on 1 May 2014 at 9:11am Reply

    I was surprised to see that in the ROH email to us there was a link for us to click on to change our password. This is bad practice. We are always exhorted NEVER to click on such a link in an email as this is the route by which "phishers" obtain our details. We should have been advised to go to the website directly to sign in and change our password.

  4. Alan Cranston responded on 1 May 2014 at 9:30am Reply

    Thanks for this but surely the email was unwise? No-one should be sending email with "click here to change your password" messages. The advice to sign on is fine - but, again, there was a live link in the email.

  5. Ellen West (Head of Online Content) responded on 1 May 2014 at 12:20pm Reply

    We are sorry for any confusion caused by the inclusion of the ‘change password’ button in our email. This was an addition made by the web team to enable our users to get to the right area of the website smoothly. That said, the advice of our CTO would always be to sign into the website independently rather than following a link in an email. Apologies for the mixed message – while you can use the links in our email safely it is always best to be cautious when directed to visit a website to change your password.

    Best wishes

    Ellen

  6. Sheila responded on 1 May 2014 at 2:06pm Reply

    I have changed my password as requested but must say that I did not trust the message and thought it could be a scam. I would never click on a link. I logged into the site today as I was booking tickets and it was very easy to change my password, just hope I remember it!

  7. David Ogilvie-Thomson responded on 29 May 2014 at 7:54pm Reply

    Same problem as comment number one - attempts to change my password, using various different ones result in the same comment "unknown exception" every time. Would you please advise me how to create a password that will past muster.

    Many thanks.

    • Chris Shipman (Content Producer (Social Media and News)) responded on 3 June 2014 at 3:58pm

      Hi David,

      This should be resolved now - it was due to a duplicate account being merged by our team, with you ending up with two identical email logins on the one account, one active and one inactive. Our Box Office team have now addressed it.

      Thanks,

      Chris
      ROH Content Producer

Comment on this article

Your email will not be published

Website URL is optional