April 9, 2014

A Few Words on the Heartbleed Bug

Posted by Sean Edgar Category Icon2Checkout Category IconTechnology

Yeah, we know: the recent Heartbleed fiasco is kind of a big deal, and the news avalanche that’s followed hasn’t quelled fears of stolen passwords and hacked financial data. For those who haven’t been following, Heartbleed is a coding bug that allows outside parties access to the memory of servers running OpenSSL. This bug essentially “undoes” encryption, stripping security away from sensitive material whether it be from a bank account or cloud-based photo album.

But will Hearbleed effect your 2Checkout account? Will you expose your customers to potential bad actors or fraudulent parties? Not at all.

2Checkout uses the OpenSSL software in its payments processing solution for SSL secured access to the 2Checkout solution. As far as the Heartbleed SSL bug is concerned, though, the version of OpenSSL used for the payment and Vendor Administration pages is not —and never has been — vulnerable to the Heartbleed bug. Any party attempting to access 2Checkout credit card or seller data through Heartbleed will be sorely disappointed. With that said, we’ve also updated OpenSSL, eliminating any chance the Heartbleed bug would have of exposing data. Even in sections that employ this code, like the documentation pages, no data exists that could pose a security threat.

In other words, you are not at risk of the Heartbleed bug at 2Checkout. Sell safely and securely. For more information on preventing e-commerce fraud, download 2Checkout’s free e-book, The Guide to E-Commerce Fraud.