Title made it confusing: how did bitbucket even have users' SSH keys?<p>However, it seems to be about their host keys. The article seems down for me, but <a href="https://bitbucket.org/blog/" rel="nofollow noreferrer">https://bitbucket.org/blog/</a> has a title "ACTION REQUIRED: Update your Bitbucket Cloud SSH Host Keys".<p>That means that you need to drop their entries from your known_hosts file or you risk a MITM attack on an insecure network.<p>Considering we usually blindly accept new SSH hosts without checking for fingerprints (eg on new or reinstalled machines), it's probably unlikely this will be exploited in the wild since it already could have been.