Quick note:

All Zoho servers( including that which host ServiceDesk Plus On-Demand)  are patched, and your data is safe.

The details:

Soon after the information about this vulnerability became known, we started patching all our servers using the newer, protected versions of OpenSSL. This operation was completed in a few hours after the news broke out. We renewed our SSL certificates too. So, we are no longer vulnerable.

As of now, we have no indication that the vulnerability has been exploited against ServiceDesk Plus On-Demand. However, we would like you to follow these safeguards.

1. It is advisable that you change your Zoho account passwords immediately if you use them ( and not SAML) to access the application.

2. To be doubly safe, please have your Organization Admin enable Two Factor Authentication (TFA) for your accounts.

We will update this post, as and when we have more new info about the vulnerability.