'A "serious vulnerability" has been found in the software that often encrypts your user name, password and banking information when you log into "secure" websites, as indicated by the little lock icon in your browser.
The "Heartbleed bug" has the potential to expose huge amounts of private data, including user names, passwords, credit card numbers and emails, since it was found in a popular version of OpenSSL software code. The code is used by over two-thirds of active websites on the internet to provide secure and private communications, reported a website set up by security researchers to provide information about the bug.'
This means all the data you send to affected servers (passwords, security information, etc.), which would previously have been protected by the OpenSSL software commonly used on the Internet, is visible to 'anyone on the Internet'. This affects previously secure sites with the 'https://' prefix to their address. Unfortunately, this problem is not fixable by users. The companies themselves must update their software to prevent the bug from being exploited. In the meantime, it is
strongly advised to halt usage of sites that have been found vulnerable.
Changing passwords is not enough, because if the site remains insecure, a hacker can still easily access the new password.
You can check if a site you use is still compromised with the tool on the Heartbleed website below.
source,
source,
sourceHeartbleed site:
http://heartbleed.com/