On Monday the OpenSSL project announced a serious vulnerability, nicknamed “Heartbleed”. SSL is the encryption used to make the internet secure when transferring sensitive information, such as usernames and passwords. OpenSSL is the most popular open source encryption software and is widely used.
The Heartbleed vulnerability meant that it was theoretically possible for someone to collect and decrypt information passing through any secure site using OpenSSL, for example, an ecommerce site or bank.
Do I need to worry?
Brightpearl utilises OpenSSL, which means that while this bug existed there was a potential risk. The nature of the vulnerability means that an attacker would not have any kind of wholesale access to Brightpearl passwords. The vulnerability would have required an experienced and knowledgeable attacker to have specifically targeted and picked pieces of information to steal.
Our system has now been updated to remove the vulnerability, and although we do not consider it critical, you may want to update your passwords.
Can you tell me whether I was targeted?
Unfortunately, it is not possible for us to know whether or not there has been an attack or if any information was leaked. Exploitation of the vulnerability leaves no trace of abnormal activity.
If you wish to update your staff passwords:
Each staff member can set their own password, or it is possible for you to do it for them. Learn more here.
Any integrations you use with your Brightpearl account (such as Shopify, Bigcommerce, ShipStation and ShipWorks, but not eBay, Amazon or Magento) rely on Brightpearl usernames and passwords to access the Brightpearl API.
We explain how to update some of the more commonly used integrations here.
Did you know...
Brightpearl also offers additional security options for staff logins, such as requiring more secure passwords, expiry intervals and IP restrictions. Learn more here.