[matt__rose]

This sentence: "No examples have surfaced of anyone actually exploiting the vulnerability" is incorrect. The Canada Revenue Agency revealed that 900 SINs (canadian equivalent of SSNs, but nowhere near as totemically identifying) were stolen due to the heartbleed bug. http://www.theglobeandmail.com/technology/mounties-chasing-v...

[justinhj]

In order to know this they must have stored and subsequently analysed the ssl traffic. Something that I would think is quite unusual. So the true scope of data theft is probably much larger.

[simcop2387]

They might have turned on that logging when the bug was announced so that they'd have an idea of the threat they were under while updating.

[thisisdave]

I thought that sentence was referring specifically to vulnerable certificates.