1) we upgraded openssl last night 2) we put in place new ssl certs last night/early this morning 3) we're in the process of forcibly logging out all users (reseting their user session token) to make them re-login using the new openssl/certs. 4) We're recommending all users change their passwords (forcibly doing this for all users is hard for us, because we don't actually require an email to have an account).