Newsela articles and quizzes are available on all major devices and platforms.
- Android phones
- Android tablets
- Amazon Kindle
- Internet Explorer 9+
Newsela takes data security very seriously and follows industry best practices.
Newsela requires users to connect to newsela.com securely via HTTPS. This requirement protects the security of student and teacher data. The lock icon in the browser's address bar confirms a secure connection to Newsela.
Newsela supports SSL v3 (Secure Socket Layer) and TLS v1.0 - v1.2 (Transport Layer Security).
Newsela's SSL certificate is signed by the Equifax Secure Certificate Authority. The root signing certificate can be downloaded from https://www.geotrust.com/resources/root-certificates/.
Newsela's website and database are hosted with Amazon Web Services’ secure data centers. More information on AWS security practices can be found here (link to http://aws.amazon.com/security/).
Users’ passwords are iteratively hashed using PBKDF2 with SHA2. Newsela takes steps to mitigate common website vulnerabilities, such as cross-site script injection attacks, SQL injection attack, and cross-site request forgery. Newsela does not store any banking or credit card information in our website’s database, and we do not require student email addresses.
Newsela's response to Heartbleed
On April 7, 2014, a vulnerability was announced in OpenSSL, a software library that helps secure data transmitted to a majority of websites on the Internet. The vulnerability has been nicknamed Heartbleed. Newsela was among the half-million sites vulnerable to the Heartbleed bug. Within 24 hours of the Heartbleed announcement, Newsela had resolved its vulnerability. The nature of the bug makes it impossible to say with certainty if users’ information was compromised prior to discovery. However, we have no evidence to suggest unauthorized access took place.
In direct response to Heartbleed, Newsela has taken the following steps:
- Upgraded OpenSSL to a version unaffected by the bug
- Replaced the SSL certificates for https://newsela.com
Out of an abundance of caution, Newsela also took the following proactive steps:
- Changed the passwords of all users with privileged access to Newsela's website
- Replaced the security credentials of all administrative and system accounts that would have granted access to any user data or site infrastructure
- Replaced the certificates used for secure communication between our technical staff and all Web servers
Newsela recommends that users change their passwords, which can be done at https://newsela.com/settings, but it is not a requirement.