Earlier this week, an emergency security advisory was issued by the OpenSSL project warning us about a bug called Heartbleed. If the name sounds scary it’s because this is the biggest security flaw ever discovered on the Internet. Tens of millions of servers were exposed and anything hosted on a server was considered defenseless.
The Heartbleed Bug allows attackers to steal information that’s protected under the popular OpenSSL cryptographic software library. Your email address, login passwords, and credit card information are all vulnerable to Heartbleed and there is literally nothing you can do about it. This is a serious threat because many of the Internet’s most- visited websites use OpenSSL and several services have already been affected.
Amazon, Tumblr, and the Wikimedia Foundation are among some of the websites that were victims of Heartbleed and urged users to update their passwords. There’s no telling how many people have been impacted yet because audit logs have determined that attackers were able to exploit the flaw for five months before it was discovered on April 7, 2014. If you’ve ever entered information on a website that uses OpenSSL, you’re at risk.
Fortunately, Newegg was not a victim of Heartbleed. Only this blog — which is not hosted on our own server — was vulnerable at one point. But the expert IT team from our host was able to fix the issue before it escalated. The Unscrambled blog only experienced a brief period of downtime while our host upgraded the server before it was too late. No harm, no foul.
Shopping on Newegg remains as safe as ever and you don’t have to worry about Heartbleed stealing your information from us. We realize this is a scary time for online consumers and we want our customers to know that all Newegg websites are 100% secure.
Even though you’re safe from Heartbleed on Newegg, you’re still at risk from other websites. Before you panic and start changing every password you store online, it’s better to wait for an official announcement that tells you to do so. You should also make sure the website that was affected has installed the new version of OpenSSL which fixes the bug. If you change your password on a website that is still vulnerable to Heartbleed, your information could still be stolen.
There are many websites that don’t use OpenSSL and changing your password won’t even matter. The only exception to this is if you use the same password on multiple websites — something that you should never do for this very reason. If you’re curious about which websites were affected by the Heartbleed Bug, Github has a large list of websites that were vulnerable when it was first discovered.
The Heartbleed Bug is a wakeup call for the billions of people that use the Internet on a daily basis. We input our personal information into websites without giving it a second thought and assume nothing bad can happen. This is why Newegg is committed to not only protecting you against Heartbleed, but from any other malicious threat that roams the World Wide Web.
We have several security measures in place for our website and are secured by VeriSign and Trustwave. We’re also a Google Trusted Store with over 10 million transactions and have a 99.9 percent escalation-free order rating. Not many e-commerce websites are as safe as Newegg’s and that is why we are proud to have nearly 100 awards that prove we are one of the best.
Thank you for sticking by our side during the Heartbleed crisis.