Three days ago (April 8th, 2014) word broke of a critical vulnerability (code named "Heartbleed") within the popular cryptographic software, OpenSSL, that allows an attacker to read the memory of the host system. Roughly two thirds of the internet relies on OpenSSL to keep sensitive data secret and private, leaving many sites and services (including those provided by Bukkit) potentially open to data leakage. How did Bukkit respond? CloudFlare, a service we depend on for Content Distribution among other things for many of our sites, patched the hole before it became public knowledge and we patched the rest of our systems shortly after (although it did take slightly longer due to complications we experienced with some of them). Despite our relatively quick response to this issue, this security hole has existed in OpenSSL since December 31, 2011 (though it was only made known recently) so the impact of this vulnerability is unknown. What do we recommend you do? It's better to be safe than sorry in this case. Although we (and the services we use) responded quickly to patch this exploit, the vulnerability has existed for more than 2 years prior making it difficult to evaluate its impact. Couple this with the fact that the use of this exploit leaves no traces, we advise our community to reset all Bukkit related passwords as soon as possible. As for other sites, services or applications you use, you should be on the lookout for statements from their teams notifying you that Heartbleed has been patched or does not affect them before resetting your passwords and authentication information. If you use the same passwords for Bukkit as you do elsewhere (which you should not be doing), please change your passwords on those sites and services too.