If you haven’t heard of the HeartBleed bug and you run a website that uses an SSL certificate to secure your site then please don’t waste any time before checking if your site, your data and the security of your website users has been compromised.
If you are unsure whether your site is affected then contact your web design or hosting company as soon as possible.
An SSL certificate uses secret hexadecimal keys to encrypt the data being transferred across the web both to and from your website. The HeartBleed bug makes the secret keys used to secure a site vulnerable to theft.
Almost 70% of all websites worldwide have been rendered insecure by this bug. To give you some kind of perspective of the scale of this issue this amounts to over 600 million websites.
If your website has been affected by this bug then an attacker could easily steal your usernames and passwords, emails and customer data, pretty much anything that is stored on your site without leaving a trace.
If your data has been stolen then there is no way of telling so you must assume that your site has been compromised. The first step is to ensure that the vulnerability has been resolved for your site, change your passwords and then contact all of your customers to inform them of the situation and to ensure that they reset their account passwords. Many people use a single password for multiple online accounts so you should also communicate to your customers that if they do this then they should also change the passwords used for any other internet accounts using the same password.
Whilst the Heartbleed bug has only just been discovered the vulnerability has existed since the 14th March 2012 which, if your site has been affected, has left more than two years for hackers to steal your data.
At times it has been difficult to justify to our clients why Teapot use premium hosting servers with almost obsessional security when there have been cheaper hosting options available. We are very pleased to say that no websites hosted via Teapot Creative are affected by the HeartBleed Bug and that at no point have they been vulnerable to the bug.
You can find out more about the Heartbleed Bug here – http://heartbleed.com/