This week, a major security flaw was detected in OpenSSL, the open-source encryption standard used by the majority of websites and services. We took immediate steps to patch the potential vulnerability in our infrastructure, and Asana is no longer vulnerable.
We have no evidence of any malicious behavior, but we strongly encourage you to change your Asana password. We also recommend you change your passwords everywhere else, since this vulnerability affects many services and websites you use.
Please let us know if you have any questions or concerns.