You've probably heard of CVE-2014-0160, also known as "Heartbleed", a flaw in OpenSSL that could allow theft of data protected by SSL/TLS encryption.
After assessing the vulnerability and doing an investigation of our servers, we have concluded that the Mollom services were not affected. This includes mollom.com, rest.mollom.com, xmlrpc.mollom.com, dev.mollom.com and my.mollom.com. As a result, customers of Mollom are not required to change their passwords or API keys. Although if you are reusing your Mollom password (not recommended) for other services, it is recommended to change your password, in case those other services were affected.
We are constantly looking for vulnerabilities like this, and encourage everyone to report any that we've missed so that we can fix them before they are exploited.