A Note about Heartbleed:|
Many of our customers have asked about the recent publicity regarding the HeartBleed information disclosure vulnerability. Most PixelGate servers, such as our mailservers and virtual domain webserver clusters, were not affected because they used versions of OpenSSL that did not contain the exploit. Those servers which had the vulnerable version were quickly patched by us the day after the disclosure when RedHat released their fix.
Please note that the exploit involved only information 'on the fly' as you were actively logging in or using an SSL service such as an HTTPS login or IMAP with SSL. Traditional HTTP, FTP or POP3/IMAP was not vulnerable. Information just sitting on an affected server was not directly at risk. Thus IF the server you use was vulnerable, then the major concern is that bad guys were using the exploit to monitor the SSL activity and could possibly have seen a user/pass combination.
Although our customers are probably not as juicy a target as Facebook or Twitter and we doubt the bad guys had the time to get around to looking at them, we still recommend changing any passwords if you were notified as being on an affected server. Actually changing passwords once in a while is just good practice, so now would be a good time to do that anyway.