What is it?
Recently, the internet security community uncovered a serious vulnerability in the transport layer protocol used by internet web services (called OpenSSL). The bug is called Heartbleed because the extension it affects is nicknamed “Heartbeat” by engineers.
Approximately 2/3 of all websites on the internet are estimated to have been affected.
What is being done about it?
OpenSSL has released a patch for the bug, but this patch still needs to be implemented by sites that were deemed vulnerable.
Is this going to solve the problem?
Experts say that the bug may have been around for two years – this means that site security data may have already been compromised. This includes user data such as passwords or credit card information.
Do I need to worry about my site?
Kalio has taken measures to ensure that our systems are secure. If you are not a Kalio customer, we recommend you check that your site was not running one of the vulnerable OpenSSL verions (up to date information can be found here http://heartbleed.com/). Remember that even if the eCommerce software you are using is not at risk, your hosting environment can still contribute to security issues.
What else can I do?
Make sure to monitor other personal and corporate accounts, such as email, bank, and any other online accounts. Experts recommend changing your passwords, as well as monitoring credit card statements for any rogue transactions. Here is a good list of passwords that you should change ASAP.