Security is a top priority for us, and with the transactions we handle it is of the utmost importance, as credit card information and other personal information is something that our customers trust us with. If you haven’t heard of the “Heartbleed” bug, it is essentially a recently discovered bug that allowed someone to see encrypted traffic (you can read all about it here: http://heartbleed.com).
I just wanted to take a moment to assure you that we have patched our servers and taken the necessary precautions. However, this bug has been in existence for over two years and impacted over 75% of the servers out there; even the likes of Google were vulnerable up until yesterday. What exactly does this mean? Well, had someone known about this over the years, they could have been stealing all sorts of personal data. Presently there is no indication that hackers used this vulnerability, but the longer companies take to patch, the more likely they will. You can tell if someone has patched their servers by visiting this site and putting in the URL: http://filippo.io/Heartbleed/
Rather than write a blog post about what to do, it is easier to link to others. This link will give you a quick sense of the issue and what passwords you should change. Keep in mind, if a site you use hasn’t patched its servers, changing your password would be futile. http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Additionally, I wanted to use this opportunity to remind our customers that we do not store any credit card information on our servers. We are able to re-charge your card on future orders by holding what is known as a token; should someone gain access to our databases, they would still not be able to access your credit card information. We also employ some of the industry’s toughest standards and maintain PCI Compliance (Credit Card Industry Rules on Security) when it comes to security in our infrastructure, and we have come a long way from one itsy-bitsy server to the 10+ servers that run ACK.com. We rely on only the best hosting companies to host our servers in what is known as a managed environment, thus ensuring we are always up to date.
If you have any questions or comments, please drop them below.
Peter @ ACK