Earlier this week, a security flaw known as Heartbleed was published that affects approximately two-thirds of all websites that use SSL encryption. This issue greatly impacts ecommerce websites because every online store that accepts credit cards must use SSL encryption.
Stepping Stones Books & Gifts uses Shopify as our ecommerce website. Shopify has notified us that merchants and their customers using Shopify are safe from Heartbleed. The following is an exerpt from the information published by Shopify on April 10:
"During the middle of day on April 7th, the Heartbleed issue became widely disclosed. The Shopify network security and operations team immediately set to work to protect our hosting infrastructure. By 7:00 p.m. they had rolled out a fix across core infrastructure, and by midnight all secondary systems had been secured. The operations team continued to work into the night, and by the following day, all keys and certificates had been re-issued.
"Because of the rapid response of our operations team (faster than Google and Yahoo, for example) we haven’t detected any sensitive data being compromised. As a general precaution, we advise that you regularly change passwords… This would be a good time to update all such passwords."
"To re-iterate, all Shopify stores are safe from the Heartbleed vulnerability."
If you wish to read the entire text of the message from Shopify, click here.
Other websites you use may be affected by the Heartbleed security flaw. The Heartbleed Test may be used to check if any other website you use is vulnerable to this security flaw.