On Monday a security patch was released to the OpenSSL project to fix a serious security vulnerability. The bug, nicknamed Heartbleed, allows anyone to read information from the memory of a server that is running a vulnerable version of OpenSSL.
As news of the Heartbleed bug spread, Zopa took immediate steps to review our servers and the version of OpenSSL that we were running. As a result of the investigation we found that we were not running the vulnerable version of OpenSSL and so not affected by the Heartbleed vulnerability.
Although we were not affected, other websites that our members use may have been. We highly recommend our members change their Zopa password to be safe especially if the same login credentials are used to access a number of sites.