by LocalPCGuy
4446 days ago
Or more likely, they were using software or hardware that was not affected by Heartbleed, and so were not at risk. Saying so would narrow down the infrastructure they are using though, and for a target like Mint, they would likely want to avoid explicitly saying so. Not going to stop a determined hacker, but it may stop the script kiddies with a downloaded toolkit. After a small amount of research, it looks like they run Java webservers, along with (or on?) F5 Big-IP platforms, with the latter likely providing hardware SSL decryption that isn't vulnerable to Heartbleed (mostly; apparently there were some vulnerabilities in certain configurations where it would fall back to OpenSSL). The way a Java webserver allocates memory is also different than the typical Apache/Linux server, so it is unlikely that even if the server was vulnerable that a hacker would actually be able to pull any data of any value from the chunks they could get. I don't profess to be an expert on server security or the F5 Big-IP platform, but my point is, it would appear that there is no reason to not believe Mint when they say they investigated and have no reason for concern.