Since the web is full of posts about the Heartbleed bug (CVE-2014-0160) - a vulnerability in the Open SSL that secures sensitive information online - we thought it was necessary to inform our customers that neither the East-Tec site, nor our financial transaction partner sites, Avangate, and BlueSnap have been affected.
What is Heartbleed?
The Heartbleed bug is an encryption vulnerability that allows unauthorized parties to steal confidential information handled via OpenSSL. Exploiting this flaw, third parties can access login credentials, credit card info, emails, and other, similarly confidential information.
Is my information protected on the East-Tec site?
Yes, it is. There is only one area on our site where you enter confidential information, namely the order page. Even though when you place an order, your details are protected by SSL, our financial partners have officially confirmed that their systems are not susceptible to the bug.
As soon as the security bulletin broke, we have re-checked all our external-facing SSL-secured services against this vulnerability. None of the services related to the payment processing were found to be susceptible to this bug, as none of them were setup in a way to be ever vulnerable. This means that neither the private keys nor other sensitive information were leaked at any point of time due to this vulnerability, even to potential attackers that had knowledge of this exploit before its disclosure on April 7th 2014. Rest assured that our security team continues to work hard to keep your data secure.
BlueSnap, Inc. has thoroughly investigated this matter as it relates to our systems and have determined that we are running one of the non-vulnerable version of Open SSL. Our customers' account information is — and have always been — uncompromised; there is no further action needed on your end. In other words, you are not at risk of the Heartbleed bug at BlueSnap.
If you have any further enquires, or concerns, please do not hesitate to contact our Support Team at firstname.lastname@example.org.