Over the past month or so we have been contacted by multiple SunShop users reporting credit card breaches or malicious scripts within their installs. The common factor among these shops is that they were all running outdated versions of SunShop. We highly recommend upgrading your shop at least once every 2 years to ensure that you have the latest security enhancements and features. Although most of these shops were running 4.4.x versions of SunShop, please note that you should be running 4.5.5 or later at this time. The security improvements that we release with each new version are mainly to keep up with changes within the PHP language itself.
Shops Storing Credit Card Data
If you are currently storing credit card information within your shop, please note that 4.6.0 is the oldest version that we recommend you run. This is because the encryption used in 4.6.0 and later does not store any local keys on the server at all and ensures that your clients' credit card information is always secure even in the event of a database breach. Additionally, after you process the card data, please ensure that you are clearing the card details from the order completely.
How To Ensure Your Shop Is Safe
We highly recommend that anyone running SunShop 4.5.4 or earlier upgrade immediately to the latest version of SunShop. If you are unsure how to upgrade, details are available at the link below. Keep in mind that upgrading to the latest version will not affect your theme modifications, and your site will continue to look the same as long as your theme files are kept intact while you upgrade. When we do professional upgrades for customers, we do not touch the theme files unless specifically requested.
Upgrade Information: https://www.twt-inc.com/clients/knowledgebase/52/New-SunShop-Version-Available.html
Have Questions or Concerns?
If you should have any questions or concerns about the upgrade process, please feel free to reach out to support. We are more than happy to assist with security matters no matter what the status of your support is. Ensuring your site is secure and your customer data is safe is our number one concern.
Open a Ticket: https://www.twt-inc.com/clients/submitticket.php
Thursday, January 16, 2020