“Heartbleed” Security Vulnerability
Wednesday, April 9, 2014
11am ET - You have likely heard about the “heartbleed” security vulnerability with OpenSSL. There is a good summary here. For our web servers, we use Microsoft IIS which is not impacted by this bug. We are currently checking the status of our third party partners (e.g. payment gateways) and will report back once we have an update on their status.
3pm ET update - so far, all third parties have confirmed either not using OpenSSL or having applied the patch. Waiting for one more response.
Apr 10, 9am ET - we received confirmation from Vantiv that the Skipjack payment gateway is not impacted by the #Heartbleed bug