Yesterday, it was reported that a large security bug was found and is being repaired. You can read more about it from the BBC here.
We are aware of the OpenSSL “Heartbleed” vulnerability and have worked with our hosting vendor to upgrade OpenSSL to an unaffected version. We have rekeyed, reissued, and updated our certificates, as well as updated relevant passwords.
In layman’s terms, we think we’re in the clear. But, while we have no reason to believe that any private information was accessed via this vulnerability, we would recommend that Yapp users update their password as a precaution.
-The Yapp Team