A bug in OpenSSL known as Heartbleed was disclosed (CVE-2014-0160) on April 7, 2014. This bug allows attackers to read portions of the affected servers memory, potentially revealing data that the server did not intend to reveal. Mozilla has revoked all Persona and Firefox Accounts bearer tokens, effectively signing all users out of Persona. We have no evidence that any of our servers or user data has been compromised, but the Heartbleed attack is very subtle.”]
Source: https://blog.mozilla.org/security/2014/04/08/heartbleed-security-advisory/

