Received the following email from Stripe:<p>-------------------<p>Hello,<p>We are reaching out to let you know that your test mode secret API key was made visible on the Stripe.com docs and may have been seen by one of your Express accounts who was logged in and looking at our documentation. This only affected test mode keys, and no live mode keys were visible.<p>Stripe documentation uses your account’s test API key in code examples when you are logged in. We check the account associated with the current session, and use the API keys associated with the logged in account. We discovered that we were using the platform’s merchant ID and test API keys when an Express account that was in the process of signing up viewed the Stripe documentation. Updates have been made to prevent exposure of your keys in this manner.<p>We have investigated and concluded that there was no unauthorized use of your test mode secret API key. While no live mode keys were exposed as part of this incident, you'll want to secure your test mode API keys by rolling them as soon as possible. Rolling your test mode API keys will cause your test mode integration to fail, so make sure to contact your web developer or engineering team to replace any instances of the old API keys with the new ones. If you use a third-party platform that connects using an API key, you'll need to follow their instructions for updating it. You can find instructions on revoking your existing keys and rolling your keys here:
https://stripe.com/docs/keys#revoking-keys
https://stripe.com/docs/keys#rolling-keys.<p>Within the next 7 days, we’d like to request you roll your test mode API keys and reply letting us know. After that period of time, we will roll any keys that may be at risk of being exploited.<p>Feel free to reach out to us with any questions.<p>Kind regards,
The Stripe team