> You say there's no evidence that customer data was affected, but the heartbleed bug leaves no logs, so that is not re-assuring at all
Well, if they're looking for people making use of the data received by the exploit that is re-assuring..
> You've said before that Mint servers are being updated, which suggests that it was exposed. If this is the case, have you gotten new SSL certificatess? (this is extremely important see next point)
Almost everyone was exposed. I'd like to know they have a new ssl cert too but not because of why you want them to.
> Even if I take a personal precaution and change my Mint and bank account passwords, if a hacker stole your cert at any time and you haven't gotten a new one, all my accounts are STILL vulnerable no matter how many times I change the password. This is because they basically have a permanent back door into Mint until you get a new SSL cert.
No, no they don't I don't think you understand ssl at all.
> Basically, if you don't answer the following questions, we have no choice but to STOP USING MINT FOREVER in order to secure ourselves. 1. Was Mint EVER vulnerable to the heartbleed bug (which has existed for 2 years) 2. If so, has the SSL cert been revoked and a new one acquired?
Good, stop using it, you're taking up security analyst resources to answer your stupid questions instead of letting them make sure everything is solid.
> You say there's no evidence that customer data was affected, but the heartbleed bug leaves no logs, so that is not re-assuring at all
Well, if they're looking for people making use of the data received by the exploit that is re-assuring..
> You've said before that Mint servers are being updated, which suggests that it was exposed. If this is the case, have you gotten new SSL certificatess? (this is extremely important see next point)
Almost everyone was exposed. I'd like to know they have a new ssl cert too but not because of why you want them to.
> Even if I take a personal precaution and change my Mint and bank account passwords, if a hacker stole your cert at any time and you haven't gotten a new one, all my accounts are STILL vulnerable no matter how many times I change the password. This is because they basically have a permanent back door into Mint until you get a new SSL cert.
No, no they don't I don't think you understand ssl at all.
> Basically, if you don't answer the following questions, we have no choice but to STOP USING MINT FOREVER in order to secure ourselves. 1. Was Mint EVER vulnerable to the heartbleed bug (which has existed for 2 years) 2. If so, has the SSL cert been revoked and a new one acquired?
Good, stop using it, you're taking up security analyst resources to answer your stupid questions instead of letting them make sure everything is solid.