What is it? Heartbleed is a flaw in OpenSSL. OpenSSL encrypts the information (such as your username, password and credit card information) sent between you (your computer) and the server (the store that you are purchasing from). This flaw allows a hacker to see the information you gave to the server.
Are you at risk? The problem with the Heartbleed bug is that it leaves no trace that someone has been there. So, many sites have no idea they have been hacked. It is estimated that 81% of all sites were affected by the Heartbleed bug.
What should you do? First, you need to check and make sure the site (server) has been updated with the fix to prevent a hacker from seeing your information.
You can check a website by going to the following site: http://filippo.io/Heartbleed/
To see how this works, here is a screen capture showing how to use the above site: http://www.screencast.com/t/K8BsTBSiy
You can also call or email the company and verify their servers have been patched.
Once you have verified that the site is no longer affected by the Heartbleed bug, change your password!
You will need to do this for every site where you have a username and password.
Here are some popular sites that were affected (they have since been fixed):
Change your passwords for these sites!
Microsoft (including Hotmail and Outlook)