What you need to know about the Heartbleed bug

heartbleed-blog-header

You may have seen in the media and online news about a bug called “Heartbleed”, which is affecting a large number of websites and cloud services around the world. The bug has presented itself in a core component websites use to secure traffic called OpenSSL. Here’s some more (and easy to digest) information about Heartbleed. 

Once the bug was made public, our security engineers at Vend wasted no time to investigate how we might be affected (in fact we were onto it within hours). We’ve determined that the servers which handle the secure HTTPS connections to your stores weren’t affected, but found that some of the other supporting machines in our infrastructure were running the affected version of OpenSSL. Within a couple of hours of the announcement, we upgraded all of those servers and later replaced our SSL certificates and keys.

What does this mean for Vend retailers?

We’re in a similar position to hundreds of other cloud services right now, where we have no way to confirm if this bug in a key component of the modern web was exploited on our servers. Which is why we recommend that Vend retailers change their passwords as a precaution – not only for their Vend accounts, but also other online services which they frequent. Here’s how to change your password in Vend.

This might also be a good time to go through the passwords you use and update them to be more difficult to crack. Check out this handy guide on choosing great passwords. If you’re using Google Chrome, the free Chromebleed Extension will let you know when you’re on a site that’s still affected by Heartbleed.

Internally at Vend, we’ll also be reviewing and beefing up our security and keeping an eye on the Heartbleed bug to make sure we continue to stay on top of it. The safety of your data is important to us and we’ll do our best to keep you and it safe.

As always, if you have any questions or concerns, please feel free to get in touch with our Support team (support@vendhq.com).

About Morgan Pyne

Morgan is the Chief Technology Officer at Vend, responsible for making sure the core infrastructure running the site and app performs superbly.