Heartbleed Security Flaw – What You Need to Know

Some of you may have heard of a recent security flaw discovered by a Google researcher and an independent Finnish security firm called Codenomicon. The flaw, dubbed Heartbleed, affects OpenSSL, an open source encryption technology that is used by roughly two-thirds of websites on the Internet.

Whenever you set up an account or make a purchase on a website, the data you enter is encrypted using SSL technology. SSL stands for Secure Sockets Layer, in other words a layer of protection that scrambles the data you enter so hackers can’t see it.

Christmas Lights Creations uses what is called an Extended Validation SSL, a 256-bit encryption that goes beyond the standard 128-bit SSL many websites use. But even with the stronger SSL we employ, Heartbleed, at least in theory, had the ability to “see” unencrypted personal data.

I emphasize the word “had” because at no time was Christmas Lights Creations affected by Heartbleed. Moreover, our web host applied a security patch on its servers, including the one hosting our site. When the patch is applied, the potential effects of Heartbleed are neutralized.

On April 3, we renewed our EV SSL certificate as we are required to do annually. We want to assure you that your personal data – your name, address, telephone number and e-mail address – is safe and no one other than myself has access to it. That is the only customer data we maintain on our site and our server.

You can view our EV SSL Certificate by navigating to the Cart page on this website, then clicking the badge located at the top right in the sidebar. Once clicked, a new window will open and you can read all the information pertaining to our business and the validity of our certificate.

Every order that has been processed through our website is printed for record keeping and tax purposes. Those orders, which do contain your name, address, telephone number and e-mail address, are stored in a locking file cabinet. The only person that has a key to that cabinet is me.

Your credit card and PayPal data is also safe. We don’t process payments through our servers, unless an order is taken over the telephone. In that event, if you choose to pay for your purchase with a credit card, we use a virtual terminal on Stripe, our credit card processor’s website. Your credit card number is never processed on our server. After the card number is read to us, we enter that information into the virtual terminal. The data is then encrypted and we can’t see it again. As is the case with your personal information stored on our website, the only person that has access to that data is me.

If you choose to pay for your purchase using your PayPal account, we offer the PayPal Express gateway. In using this method, you are taken from our site to PayPal’s website where your credit card or checking account information is processed. We do not have access to that information. The only data we see is the final result of the payment having been successfully completed through PayPal.

We also employ other security measures on our site to protect our customers. I won’t go into specifics, but I can assure you there are daily scans on our site to detect potential problems. Christmas Lights Creations is a safe and secure website, and your personal data is well protected.

As a precaution, it would be a good idea to update your passwords on every website you have set up an account with. However, you must first ensure that the site owner and the site’s hosting provider have applied the necessary security patch to address the Heartbleed issue. Once that patch has been deployed, you can change your password.

All of these topics, security measures and procedures are further discussed in our Privacy Policy and Payment Terms.

If you have questions regarding Heartbleed or other security related concerns, please use the Contact Us form.
