Manhattan Wardrobe Supply, Heartbleed and Our Commitment to Customer Security

Author: Cheryl Kilbourne-Kimpton



MWS has responded to a current security risk to protect our customers. On April 8th, a major security flaw was reported in OpenSSL, a security layer used by most of the web, including major sites like Google, Facebook, Flickr and Yahoo. OpenSSL provides encryption for everything from online chats to email to secure shopping.

What Is Heartbleed

To confirm that the connection between two computers still exists, OpenSSL will occasionally send a ping that asks for a response. This is called a heartbeat. The security flaw is that this ping can be used to send bad requests that ask the computer to send back private data, hence the name “Heartbleed”.

How MWS Customers Are Affected

It is not yet known whether Heartbleed has been used to compromise data on MWS or any other website. Websites using OpenSSL were advised to patch their sites immediately using the security update offered by OpenSSL.

How MWS Responded to Heartbleed

Wardrobesupplies.com was upgraded to FixedSSL early on 4/8/2014, as soon as we were made aware of the issue via our provider. MWS proactively took the additional step of reissuing all our security certificates through Verisign/Symantec. By 2pm EST, the upgrade had been completed.

Additionally, we are following good online practice by alerting you, our customers, to the issue and our response.

What This Means to Customers

The consensus is that Heartbleed is a very serious security threat, but once a site has been upgraded, that risk is mitigated. It is recommended that you change your online passwords (do so here) on MWS and other sites.

To see if a site you’re using is still vulnerable, use a Heartbleed site check. As you can see, MWS shows no vulnerabilities.

[Screenshots: Heartbleed site check results for MWS]

If you have any additional questions about how this affects you, please feel free to ask and we’ll be happy to respond.