Last night, we completed the process of patching our server software to address the Heartbleed OpenSSL bug (
http://www.vox.com/2014/4/8/5593654/heartbleed-explainer-big-new-web-security-flaw-compromise-privacy). This means that our servers are no longer vulnerable to hackers attempting to access secure information via the bug.
Although it is unlikely, the nature of the bug is such that there is no way to be 100% certain that it has not already been used to compromise our servers. Therefore, we are now in the process of completely rebuilding the servers to ensure they do not contain any previously added malicious code or other vulnerabilities.
We'll be in touch with an update as soon as this process is complete, and will at that point recommend that all users with Admin access to Tizra sites change their passwords to ensure that their content and user data is protected. Admin users who are particularly concerned about security may want to change their passwords now, though they will need to change them again once the rebuild is complete.
When the rebuild is complete, we would also encourage publishers to ask that their end-users change their passwords as well. While a compromised end-user account is obviously not as potentially damaging as an Admin account, there is still the potential for unauthorized content access.