Regarding "Mint's old cert": as many people have pointed out elsewhere, new server certificates can be backdated, so an old date is not in and of itself indicative of a problem.

I can confirm. Comodo, at least, reissues certs with unchanged "notBefore" dates.

The bigger issue here is the utter lack of communication from Mint. They deal with Serious Data™. If their organization don't recognize the need to communicate with their users about this, then what other risks do they not recognize?

I understand why Mint stores these usernames and passwords, but this is one of the biggest reasons that we do not at Knox Payments. I remember explaining to investors that yes SSL is safe to transfer the information and yes we could do an excellent job at securely storing them, but god damn you just never know and I don't want that responsibility if we don't need it. Low and behold, SSL itself (well, the common implementation of it at least) was failing us for our entire existence and we (and almost everybody else) didn't know.

It's always funny to see somebody so eager to post a smarmy, obnoxious response to an article that they don't bother to actually read the article.