Skip to content
Go to GoCardless homepage
LoginSign up

Heartbleed response

Harry Marr
Written by

Last editedJan 20201 min read

Earlier this week, Heartbleed - a security vulnerability in the OpenSSL library - was publicly disclosed. GoCardless uses software that depends on OpenSSL, which means we were among the large number of companies affected.

Our engineering team patched our affected software on Tuesday morning (April 8th), and replaced our SSL certificates. This means that we are no longer vulnerable to Heartbleed.

We have no reason to believe that any GoCardless data has been compromised, but given the nature of the vulnerability we recommend taking the following precautions:

  • We recommend that GoCardless users reset their passwords.

  • We have invalidated any sessions that were in use prior to the resolution of the issue.

  • We are adding the ability for API users to reset their API keys; we'll post an update as soon as this is possible.

If you have any questions, don't hesitate to email us at

Over 70,000 businesses use GoCardless to get paid on time. Learn more about how you can improve payment processing at your business today.

Get StartedLearn More

Interested in automating the way you get paid? GoCardless can help

Contact sales