Heartbleed Bug Threatens the World Wide Web

By Newegg Newsroom | April 10, 2014


Earlier this week, an emergency security advisory was issued by the OpenSSL project warning us about a bug called Heartbleed. If the name sounds scary it’s because this is the biggest security flaw ever discovered on the Internet. Tens of millions of servers were exposed and anything hosted on a server was considered defenseless.

The Heartbleed Bug allows attackers to steal information that’s protected under the popular OpenSSL cryptographic software library. Your email address, login passwords, and credit card information are all vulnerable to Heartbleed and there is literally nothing you can do about it. This is a serious threat because many of the Internet’s most-visited websites use OpenSSL and several services have already been affected.

Amazon, Tumblr, and the Wikimedia Foundation are among some of the websites that were victims of Heartbleed and urged users to update their passwords. There’s no telling how many people have been impacted yet because audit logs have determined that attackers were able to exploit the flaw for five months before it was discovered on April 7, 2014. If you’ve ever entered information on a website that uses OpenSSL, you’re at risk.

Fortunately, Newegg was not a victim of Heartbleed. Only this blog — which is not hosted on our own server — was vulnerable at one point. But the expert IT team from our host was able to fix the issue before it escalated. The Unscrambled blog only experienced a brief period of downtime while our host upgraded the server before it was too late. No harm, no foul.

Shopping on Newegg remains as safe as ever and you don’t have to worry about Heartbleed stealing your information from us. We realize this is a scary time for online consumers and we want our customers to know that all Newegg websites are 100% secure.

Even though you’re safe from Heartbleed on Newegg, you’re still at risk from other websites. Before you panic and start changing every password you store online, it’s better to wait for an official announcement that tells you to do so. You should also make sure the website that was affected has installed the new version of OpenSSL which fixes the bug. If you change your password on a website that is still vulnerable to Heartbleed, your information could still be stolen.

There are many websites that don’t use OpenSSL, and changing your password on them won’t even matter. The only exception to this is if you use the same password on multiple websites — something that you should never do for this very reason. If you’re curious about which websites were affected by the Heartbleed Bug, GitHub has a large list of websites that were vulnerable when it was first discovered.

The Heartbleed Bug is a wake-up call for the billions of people who use the Internet on a daily basis. We input our personal information into websites without giving it a second thought and assume nothing bad can happen. This is why Newegg is committed to protecting you not only against Heartbleed, but against any other malicious threat that roams the World Wide Web.

We have several security measures in place for our website and are secured by VeriSign and Trustwave. We’re also a Google Trusted Store with over 10 million transactions and have a 99.9 percent escalation-free order rating. Not many e-commerce websites are as safe as Newegg’s and that is why we are proud to have nearly 100 awards that prove we are one of the best.

Thank you for sticking by our side during the Heartbleed crisis.

Join the discussion

  • MADMatt says:

    You say Newegg was not affected, yet I woke the other day to someone having logged into my account and attempted to order with a saved card. Good thing I did not have enough money for their transaction. I’d say it’d be a great idea to change your Newegg password too! I personally will not be storing credit card information on any website going forward.

  • Dear MADMatt,

    We are very sorry to hear about this situation. By looking at your report, it seems like your account was hacked into; however, this does not necessarily mean that Newegg’s security was breached. We researched the Heartbleed threat and Newegg was not affected.

    For more information on data security, please click on the following link: http://bit.ly/14yg50I. You may also access our FAQ page to contact us by clicking on the following link: http://bit.ly/1bUZ86i.

    Please know that we are here to help! Email us at WeCare@newegg.com and we will be happy to further review the account details.

    Thank you,
    Newegg Support

  • Will says:

    Why does the Firefox Heartbleed checker extension show https://www.newegg.com as being potentially vulnerable? The Heartbleed icon is yellow instead of green. Are you sure that all of the servers in the path (maybe your ISP’s caching and load balancing servers) have been patched? This makes me extremely hesitant to continue shopping on Newegg.

    Please fix all of your servers.

  • Hi Will,

    Newegg takes customers’ security very seriously. We have researched this internally and we were never using any of the affected versions of OpenSSL, so your information is secure. Rest assured, it is safe to shop on our site. We appreciate your continued support.

    Thank you,
    Newegg Support
