What is the Heartbleed bug, anyway?
Websites that accept credit cards need to comply with certain regulations to ensure their transactions’ security. These regulations are set by the Payment Card Industry (PCI) Security Standards Council and affect all online stores. The latest decision of the PCI council aims to fix a worldwide security vulnerability, also known as the Heartbleed bug, and requires all commercial websites to use up to date browsers by July 2018.
Heartbleed was discovered in 2014 and is a programming mistake in OpenSSL, the most popular cryptographic software library used over the internet. OpenSSL secures the privacy of all communication and transactions on the web and is widely used in internet web servers, serving a majority of all websites.
Due to OpenSSL’s vast popularity, Heartbleed left a large amount of private keys and other secrets exposed to the internet, and websites of all traffic sizes might be affected. An analysis on GitHub in 2014 revealed that sites like Yahoo!, Amazon Web Services, Pinterest, Tumblr and many more were using a vulnerable version of SSL.
After Heartbleed’s discovery, the PCI board decided that as of July 2018, all commercial websites must operate on updated servers that support the new, necessary versions of TLS protocol (Transport Layer Security).
Lightspeed, in compliance with the PCI decision, will update all servers per the requested deadline. This update will ensure privacy in all stores using Lightspeed, for both transactions and customer data. As a result, though, our merchants’ sites will no longer be accessible for outdated browsers.
We strongly recommend our merchants to update their browser and also, inform their customers about the advantages of using an updated browser. Updating your browser regularly, or enabling automatic updates, is a necessary process that will help you increase and maintain safety in your eCommerce store.
Read this help article on how to update popular browsers on your computer, mobile or tablet.