One of the most widely used cryptography products, OpenSSL, which is commonly used to encrypt web traffic, has been vulnerable to an attack called "Heartbleed", which enabled attackers to read parts of the memory of a server responsible for encrypting traffic. Soup.io has been vulnerable to this issue, like +/-30% of the rest of the internet, for a good part of the last year.

While we did fix this issue yesterday and installed a new SSL certificate today (due to the possibility of Heartbleed having leaked the private key, although that's not a big problem due to our use of PFS), this does not preclude the possibility that certain malicious entities were exploiting this vulnerability for quite a while before it became known to the security community and used it to stockpile login credentials and passwords. Think NSA.

Now, you would think, "Who would want my password? It's just Soup, there's nothing important there!" Well, you've got a point. But you'd better make sure that you don't ever use this password again anywhere else (which you shouldn't do anyway).

tl;dr: change your passwords - like, everywhere.