It‘s worth emphasizing that some important services that users access everyday were affected by Heartbleed, including Yahoo Mail and LastPass. We weren‘t immune either, since most EFF servers were running vulnerable versions of OpenSSL. Even the private identity keys used by Tor Hidden Services may have been compromised, potentially putting some journalist organizations‘ communication with anonymous sources at risk.

Luckily, there‘s one important mitigation that actually protected some users from this security nightmare: perfect forward secrecy.