The engineering team at Twilio has issued a customer security notice regarding the Heartbleed vulnerability in OpenSSL's handling of heartbeat packets. The company has conducted a comprehensive security review and found that its public services are not secured by a version of OpenSSL with the Heartbleed vulnerability. However, some customers may be using hosting providers or OpenSSL deployments that are affected. Twilio is urging its customers to audit their service providers and check for vulnerable versions of OpenSSL. If the hosting provider or OpenSSL deployment was not affected, there is no further action needed. But if it was, customers should follow a series of steps to secure the vulnerability, including repairing any vulnerable systems, resetting their Auth Tokens, and changing their Twilio passwords. The company has also issued new SSL certificates for twilio.com as a precautionary step and has updated its Twilio Client iOS SDK to eliminate the affected version of OpenSSL.