Meebo security

Password encryption and website security

At Meebo, we recognize that security is important to our users and partners. This page explains some of the steps we take to keep you secure.

Meebo Check-ins Bookmarklet

Our Check-ins Bookmarklet uses https when submitting your information, so your username, password and check-in info are always encrypted.

Meebo Check-ins Website (meebo.com)

Passwords

Our check-ins website uses https when logging in, changing your password, and adding linked accounts, so your password is always encrypted.

Information other than passwords

All information other than your passwords (your buddy list, conversations, shared content, etc.) is not encrypted, so if someone were to intercept your transmission they could see the information that is being transmitted to and from your computer. This risk is greater when using unencrypted Wi-Fi or a public network. It is not currently possible for you as a user to configure whether this information is encrypted.

Meebo Bar

Passwords

If you are accessing your Meebo or third-party IM account through the Meebo Bar and your browser supports https, the entire log-in page is hosted on an https page, so your username and password are encrypted when they are transmitted. If your browser does not support https then our JavaScript code will encrypt your login credentials and then send the encrypted version to Meebo such that only Meebo can decrypt them.

Information other than passwords

If you use the Meebo Bar on an https web site, then all information that you transmit through Meebo is encrypted. Otherwise, all information other than your passwords (your buddy list, conversations, shared content, etc.) is not encrypted, so if someone were to intercept your transmission they could see the information that is being transmitted to and from your computer. This risk is greater when using unencrypted Wi-Fi or a public network. It is not currently possible for you as a user to configure whether this information is encrypted—this is something that is controlled by the site owner where you use the Meebo Bar.

Meebo Messenger (meebo.com/messenger)

Meebo Messenger uses https for all traffic, so usernames, passwords, your IMs, and buddy list are always encrypted.

As with any secure web site, you should remain vigilant:

• The web page address should start with "https"
• Your browser should not have shown you any certificate warnings when you loaded Meebo
• Newer browsers show the text "Meebo, Inc. [US]" with a green background next to the address bar
• If a padlock is displayed, it should be locked

Mobile Web Messenger (meebo.com/mobile)

Our web-based mobile version of Meebo Messenger uses https for all traffic, so usernames, passwords, your IMs, and buddy list are always encrypted.

Android app

Our native Android application uses https for all traffic, so usernames, passwords, your IMs, and buddy list are always encrypted.

Blackberry app

Our native BlackBerry application relies on the underlying encryption of the device for security.

iPhone app

Our native iPhone application uses https for all traffic when you are connected via Wi-Fi. If you are connected via EDGE or 3G then the application uses http and relies on the underlying encryption of the wireless network for security.

Password storage

• If you create a Meebo account, we store a "hash" of the password for the account on our servers.
• If you associate a third party IM account with your Meebo account, we store an encrypted version of the password for this account on our servers.
• If you sign in to the Meebo Bar, we store an encrypted version of your password on our servers. The decryption key for the password is a randomly generated token stored locally in your web browser. If you checked "keep me signed in" then the token expires after two weeks and we delete the encrypted password from our servers. If you did not check "keep me signed in" then the token expires when your browser exits, and we delete the encrypted password from our servers after 24 hours.
• If you sign in to Meebo Messenger (www.meebo.com) with a third party IM account (not associated with a Meebo account), we do not store your password.

Questions about security

If you believe you have discovered a Meebo security incident to report, please contact us immediately. Please include a detailed summary of the issue, including the name of the product (e.g., Meebo Messenger or Meebo Bar) and the nature of the issue you discovered. Be sure to include an email address where we can reach you in case we need more information.

While we strive to make the Meebo experience easy and simple for users, the technology underlying our services can be complex and take time to update. When properly notified of legitimate issues, we'll do our best to acknowledge your report, assign resources to investigate the issue, and fix potential problems as quickly as possible.

If you have any suggestions or questions, please let us know.