Keeping Our Customers Safe – What You Need to Know About the Heartbleed Bug
April 10th, 2014
As you may have seen in the news over the past few days, there is a security vulnerability named the “Heartbleed Bug” that affected many of the sites on the web. The vulnerability is within the popular OpenSSL cryptographic software library. It is estimated that over 66% of websites were potentially vulnerable. Detailed Image uses OpenSSL, as do Google, Facebook, Yahoo, Amazon, and many other popular websites.
We want to provide our customers with the details of how we’ve addressed this serious issue. Keeping our customers’ information safe is one of our highest priorities, as is being honest and transparent with you.
Action We Took
Most importantly, we have no reason to suspect that any of your personal information was compromised.
However, we still take potential threats like this very seriously. A patch was released to fix this vulnerability. Within hours of it becoming available to us, we applied the patch to our server. We also reissued our SSL certificate. These two actions are what effectively close the vulnerability.
As you can see from the Heartbleed Test site, Detailed Image is now listed as fixed. If you’re curious, you can see our SSL certificate information here or by clicking the “lock” icon next to our URL in most web browsers while visiting a secure page like our login page.
How We Keep You Safe
This is also a good time to review what we’re doing every single day to keep your information safe. All of this information is always available in our Privacy Policy.
- All sensitive information that you enter is encrypted – we use high-grade secure socket layer technology (SSL) any time you enter personal information. This includes registrations, logins, contact forms, and of course throughout the entire checkout process.
- We do not store your credit card information – we do not store, and never have stored, our customers’ credit card information. Nor does anyone on our team have access to your payment information. We use the very secure PayPal Payments Pro to process credit card orders. After you enter your payment information, they tell us whether your payment was successful or not, and that success/failure information is all that we store.
- We are fully compliant with the Payment Card Industry Data Security Standard (PCI-DSS) – meaning that we comply with a strict set of standards for our infrastructure and server setup outlined by the Payment Card Industry Security Standards Council, a council comprised of major payment vendors such as Visa, MasterCard, and American Express. This is verified regularly with a scan from an independent third party.
- We use strong encryption for your login credentials – the most sensitive bit of information that we do store is your password, and we take that very seriously. We use multiple forms of encryption, and again, for your security, no one on our team can ever access or view your password. As security experts recommend, we do highly advise that you use a unique password for every website that you use.
Further Reading
- LifeHacker – What the “Heartbleed” Security Bug Means For You
- LastPass Password Manager’s advice to its customers (LastPass is a simple, secure way to manage your passwords that adds an extra level of encryption to protect you)
- Technical information about the Heartbleed Bug
Questions
If you have any questions, feedback, comments, or concerns, please don’t hesitate to contact us.