Skip to content
Go to GoCardless homepage
LoginSign up

Heartbleed response

Harry Marr

By Harry MarrApr 20141 min read

Earlier this week, Heartbleed - a security vulnerability in the OpenSSL library - was publicly disclosed. GoCardless uses software that depends on OpenSSL, which means we were among the large number of companies affected.

Our engineering team patched our affected software on Tuesday morning (April 8th), and replaced our SSL certificates. This means that we are no longer vulnerable to Heartbleed.

We have no reason to believe that any GoCardless data has been compromised, but given the nature of the vulnerability we recommend taking the following precautions:

  • We recommend that GoCardless users reset their passwords.

  • We have invalidated any sessions that were in use prior to the resolution of the issue.

  • We are adding the ability for API users to reset their API keys; we'll post an update as soon as this is possible.

If you have any questions, don't hesitate to email us at

GoCardless is used by over 55,000 businesses around the world. Learn more about how you can improve payment processing at your business today.

Learn moreSign Up

Interested in automating the way you get paid? GoCardless can help

Contact sales