BigCommerce & the Heartbleed Bug
A lot of concern has built around the BigCommerce platform user base, and with good reason.
The good news are that BigCommerce is assuring all their customers that their platform has been successfully patched and that many online stores were not even affected based on their current OpenSSL software version.
The Heartbleed Bug was an extremely dangerous vulnerability that affected hundreds of thousands of websites using the OpenSSL software package. Basically what we thought that was secure could actually be intercepted and decoded by cyber-criminals to read passwords and other sensitive information while in transit.
Here is what BigCommerce had to say about this issue:
Were Bigcommerce stores susceptible to this vulnerability?
The majority of Bigcommerce storefronts were never exposed to this vulnerability due to the version of OpenSSL in use.
Since March 26, 2014, some newer stores were provisioned on an infrastructure which used a version of OpenSSL susceptible to this vulnerability. Bigcommerce has patched the affected infrastructure and it is no longer vulnerable.
Is there anything else I need to do?
While the majority of Bigcommerce storefronts were never exposed, merchant logins are performed through bigcommerce.com and login.bigcommerce.com, which were susceptible to attack. Both of these websites were patched on April 7, 2014.
While there is no evidence that any sensitive information was exposed, we recommend changing your store passwords as a precaution.
-Chris Bulton (BigCommerce Staff Member)
While the Heartbleed Bug has been a big issue for many online retailers, online store running on the BigCommerce platform can rest tonight knowing their sites are secure.
Now… What about addressing the Consumers’ fear? We recommend you use one of our “Heartbleed SAFE Site” and “Heartbleed Verified SAFE Site” seals. You can learn more and download the seals from our previous post or CLICK HERE to go there now.