At this time, we have no evidence that iDoneThis has been attacked or that there has been any compromise of user data. All our measures have been precautionary.
We recommend that iDoneThis users change their passwords.
For the Less Tech-Savvy:
Heartbleed is a recently uncovered security vulnerability in OpenSSL, which is used to secure highly sensitive data such as passwords. The vulnerability would allow attackers to view sensitive, normally encrypted data from an affected site without leaving a trace, and potentially to use this data to impersonate users of the site.
We’ve fixed the security vulnerability and recommend that you change your password as a precaution.
For the More Tech-Savvy:
Yesterday the OpenSSL Project released an update to address the CVE-2014-0160 vulnerability. This vulnerability affected over 60% of web sites, including iDoneThis.
We updated the relevant code on our servers on April 8th, 2014. As of 1pm (Pacific Daylight Time), the vulnerability is no longer present.
As a precaution, we have also re-issued our SSL certificates and revoked our old ones.