On 9 April 2014 20:36, Don Stokes <don@daedalus.co.nz> wrote:

Is there any indication out there as to how widely this bug has been
exploited?

the only thing i've seen that mentions any possible use of the exploit:

http://arstechnica.com/security/2014/04/dear-readers-please-change-your-ars-account-passwords-asap/

With Ars servers fully updated, it's time to turn our attention to the next phase of recovery. In the hours immediately following the�public disclosure of the so-called Heartbleed vulnerability, several readers reported their Ars accounts were hijacked by people who exploited the bug and obtained other readers' account passwords. There's no way of knowing if compromises happened earlier than that. Ars has no evidence such hacks did occur, but two years is a long time. There's simply no way of ruling out the possibility.