On April 7th 2014, a serious security issue called “heartbleed” was reported in the OpenSSL library. The library is used to encrypt private traffic on a majority of services on the Internet, including Trello. The issue could allow others to access private data from an affected server.
In order to eliminate the vulnerability, all of our systems have been patched and all of our SSL certificates have been replaced. As of now, we are no longer affected.
We are not aware of any malicious behavior, but due to the nature of the vulnerability, it can be difficult to determine. As a precaution, we’ve logged out all sessions. That means you’ll need to log back in, which is an inconvenient but necessary step. We’re sorry for the trouble. We also recommend resetting your password and removing app tokens via trello.com/my/account.
Because OpenSSL is used in so many places, we recommend checking to see if your other online services are affected before logging into them again. We recommend resetting your password on those services, too.