satisfaction.mint.com/mint/topics/a_definitve_answer_on_whether_mint_was_ever...

Moderators, please read this entire thing before posting: I already saw the canned responses that Mint is "currently" not affected by Heartbleed. But the nature of the bug means that if it EVER was, then all our data is still exposed to whoever got the key, even though it's currently patched. Let me break it down.

You say there's no evidence that customer data was affected, but the Heartbleed bug leaves no logs, so that is not reassuring at all.

You've said before that Mint servers are being updated, which suggests that it was exposed. If this is the case, have you gotten new SSL certificates? (This is extremely important; see next point.)

Even if I take a personal precaution and change my Mint and bank account passwords, if a hacker stole your cert at any time and you haven't gotten a new one, all my accounts are STILL vulnerable no matter how many times I change the password. This is because they basically have a permanent back door into Mint until you get a new SSL cert.

Basically, if you don't answer the following questions, we have no choice but to STOP USING MINT FOREVER in order to secure ourselves.

1. Was Mint EVER vulnerable to the Heartbleed bug (which has existed for 2 years)?
2. If so, has the SSL cert been revoked and a new one acquired?

The people you're making worried with these canned responses are the most tech-savvy, because we're the only ones that understand how truly catastrophic this bug is. We're the ones that will be telling everyone we know that they can never trust Mint again because they won't even answer a simple question in the event of a catastrophe (which this really is. It's one of the biggest security bugs in internet history).

