I had someone ask me about this today so I figured you all should know where we stand on it.
As soon as this started circulating in geek circles, before it hit the headlines, we examined our network and found that only one server was susceptible to the HeartBleed bug.
That server stores no user information of any kind: no usernames, no email addresses, no passwords (we haven't stored any credit card data on any of our servers for several years now).
Even though that server contained no data to steal, it was immediately patched, a new security certificate installed, and the old certificate revoked. Admin passwords have been changed.
Bottom line: whatever the NSA has in their files about you, they didn't get it here.
As soon as this started circulating in geek circles, before it hit the headlines, we examined our network and found that only one server was susceptible to the HeartBleed bug.
That server stores no user information of any kind: no usernames, no email addresses, no passwords (we haven't stored any credit card data on any of our servers for several years now).
Even though that server contained no data to steal, it was immediately patched, a new security certificate installed, and the old certificate revoked. Admin passwords have been changed.
Bottom line: whatever the NSA has in their files about you, they didn't get it here.