As of a couple days ago, a serious internet security risk called the “Heartbleed Bug” has been detected on a large number of websites that can put your private information at risk.
Information transmitted to an Internet site affected with this bug, such as a log-on page for online shopping, may become available to a third party. The Heartbleed bug has the potential to expose your private data, including usernames, passwords, credit card numbers, and emails.
How does it work?
Heartbleed is a vulnerability in the OpenSSL protocol – one of the most common data encryption mechanisms on the world wide web that is used to keep data such as your passwords and credit card information secure. The Heartbleed bug exploits this vulnerability via a loophole to obtain data that is intended to be hidden from spying eyes.
Was Brixwork effected?
It is incredibly unlikely. Brixwork websites do not use the OpenSSL mechanism of encryption.
In addition, our websites only contain listing data, photos, and videos. This is not a target for advanced hacking attacks such as Heartbleed. These crooks are out to steal massive amount of credit card information at once rather than mess with your listing prices.
What we are doing:
That being said, precautions are taking place to update the security on the following peripheral services that affect all of our clients:
Email generation system – we are updating the security credentials on this, and issuing a patch throughout our entire network tonight. This will keep leads coming in without compromise without being abused as a spam gateway.
Social media management platform – we are updating all logins and passwords. It may be compromised so we want to ensure that it is updated to prevent spam & abuse on our clients’ accounts.
Accounting & billing systems – we are updating all logins and passwords. However, they ARE secure. There is no credit card data visible on those platforms. Even our CEO Jeff Kee cannot get your credit card information when logged into this – only transaction result data. That being said, to be on the safe side, we are making changes.
Brixwork social media accounts – we are updating all logins and passwords since we often post on behalf of clients, give promotion to clients on a variety of outlets such as Pinterest, Tumblr, Facebook and more.
Server access – we are updating all logins and passwords though we periodically update the passwords on such anyway regardless of emergencies like the Heartbleed Security Bug.
What should you do?
Other services may be affected. This list includes commonly used online shopping websites and social media platforms that you may be using regularly. You should change your password immediately. Please review the following list, courtesy of Mashable Magazine:
The Heartbleed Hit List: The Passwords You Need to Change Right Now
Also note that the CRA has shut down Revenue Canada’s website, so online filing of taxes may be delayed:
Heartbleed bug may shut Revenue Canada website until weekend
As far as we are aware, there are no shutdowns with IRS services in the USA.