On Monday, a serious a vulnerability called the Heartbleed Bug was discovered in OpenSSL. It affected a massive percentage of services on the Internet - over a half a million Websites - including Orchestrate and other infrastructure and data services.
We immediately took steps to remedy the situation, and all of our servers are now updated to the latest version of OpenSSL, which includes a patch for the vulnerability. Orchestrate is secure, and no service downtime was incurred during the fix.
While there is no evidence that passwords, application data, or any other private information on the Orchestrate service was compromised, this bug was especially pernicious because the attacks were untraceable. We strongly recommend that you reset your API keys and passwords immediately - for all of your online services and accounts - if you haven’t done so already.