Earlier this week a critical security bug was discovered in Open SSL which is the foundational layer encrypting about three quarters of web traffic across the internet. This bug allows an attacker to read in data stored in memory which could include sensitive data such as passwords or credit card data and the keys used to encrypt and decrypt secure communications.
How Does This Impact Your Miva Store?
All Miva servers were immediately updated within minutes of the patch being released by the Operating System vendors. If you are hosted with Miva, this vulnerability has already been fixed.
If you are hosted with a different host, be sure to verify they updated their operating systems to ensure the fix has been applied.
What Precautions should I be taking to protect myself and my customers?
We have no record of any data breaches on any Miva Merchant stores. However, as a precaution we recommend you reset your passwords on all your Miva Admin users. This will protect you in the unlikely case your admin passwords were compromised.
To protect your customers we also recommend you post a message on your sites login page recommending customers reset their account passwords. Not only will this protect them on your website, but because this bug impacted ¾ of the websites on the internet, if their password was compromised somewhere else, it won’t carry over to your website.
Here is a tutorial on how to force your customers to reset their passwords if you wish to do this as well.
How can I tell if my site is patched?
- You can test your site here
- For more details on the heartbleed bug please visit: https://heartbleed.com/