Retailers Sending Mixed Messages in Wake of 'Heartbleed' Bug Scare

PHOTO: The Heartbleed Bug allows anyone on the Internet to read information through vulnerable versions of OpenSSL software.

The dreaded "Heartbleed" bug has prompted security experts to warn that information on approximately half a million websites may be vulnerable to hacking, but most companies are still standing by their statements that customer information is safe, including retailer Target, which was the subject of a massive data hack reported last November.

Read More: 'Heartbleed' Online Bug: How to Protect Yourself

The contradictory tone of alarm and re-assurance has led to a patchwork of advice from online retailers and other companies with a major Web presence.

Department store Neiman Marcus, the subject of another recent security breach, did not immediately respond to's request for comment.

Read More: Hackers Steal Credit Card Data From Neiman Marcus Customers

Adam Levin, co-founder and chairman of IDentity Theft 911, said passwords do have to be changed, but if you do so, the timing counts.

"First, find out site by site what they're doing to get the site protected –- you can do this by seeing if they've issued a public statement or contact them directly. Once the problem is solved, then change your password –- make each new password unique and hard to crack," Levin said. "With any type of exposure, be extra careful of cyber thieves that look to harp on news to take advantage of consumers. Be cautious of shared links and news about the bug."

Here's what Target and other sites are saying about how they fixed potential vulnerabilities in their system:


Molly Snyder, a spokeswoman for Target, said the company launched a "comprehensive review of all external facing aspects of" on Tuesday.

"Based on our findings, we do not currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability," Snyder reiterated on today.

OpenSSL is a protocol that is supposed to keep Web communication secure.


Ryan Moore, a spokesman for eBay, said, "eBay is aware of the security vulnerability identified in a version of OpenSSL, also known as the Heartbleed Bug. The vast majority of our services were not impacted and our users can continue to shop securely on our marketplace. Consumer safety is our top priority, and we will continue to monitor this bug to ensure our users remain protected."

The company told customers on Thursday: "1. Your Marketplaces account is secure

2. Your Marketplaces account details were not exposed in the past and remain secure

3. You do not need to take any additional action to safeguard your information

4. There is no need to change your password."

"While we always advise our customers to be cautious and aware of the security of their personal accounts, in this case we want to reassure you there is no need to be unduly concerned," eBay said in its statement. "When you login to eBay using your user name and password these details were not exposed to the OpenSSL vulnerability."


A Facebook spokesperson said on Wednesday that the company "added protections for Facebook's implementation of OpenSSL before this issue was publicly disclosed, and we're continuing to monitor the situation closely."

"We haven't detected any signs of suspicious account activity that would suggest a specific action, but we encourage people to take this opportunity to follow good practices and set up a unique password for your Facebook account that you don't use on other sites," the Facebook spokesperson said.


  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
You Might Also Like...
See It, Share It
PHOTO: The probable path of Hurricane Fred is seen in a graphic released by the NWS National Hurricane Center, Aug. 31, 2015.
NWS National Hurricane Center
PHOTO: Kanye West accepts the Vanguard Award onstage during the 2015 MTV Video Music Awards at Microsoft Theater on August 30, 2015 in Los Angeles, California.
Christopher Polk/MTV1415/Getty Images
PHOTO: Director Wes Craven attends the screening of Life Itself at the ArcLight Cinemas, June 26, 2014, in Hollywood, Calif.
Paul Archuleta/FilmMagic/Getty Images