If you have followed technology news recently you will have heard about a massive bug in OpenSSL that allowed attackers to read random memory (which could be data, passwords, certificates, anything) from affected machines.
I patched Quaddicted immediately after reading about it ~24 hours ago:
But this means that someone might have previously grabbed data of the server. Since I highly doubt that I did not generate a new certificate nor did I force all users to choose new passwords. Maybe I will do so later just because that would be best practise. Quaddicted is not exactly a very interesting target nor is the information you guys store on it very sensitive.
http://heartbleed.com/ and https://www.schneier.com/blog/archives/2014/04/heartbleed.html are nice overviews.