As it turns out, that little lock icon in your browser’s address bar might not be all that great at protecting your private information after all.
The Heartbleed bug — here’s an explanation of why it is so named — was introduced to OpenSSL about two years ago, but only became public knowledge in the last week or so. Many experts first believed Heartbleed’s impact might be limited to web servers, but announcements from Cisco and Juniper Networks suggest the bug is much more widespread than initially thought.
The Heartbleed vulnerability takes advantage of a flaw in OpenSSL, a free encryption protocol used by thousands of websites around the world to protect visitors’ sensitive data. Heartbleed essentially lets hackers get an undetectable look at the data transmitted between a user and a server after it’s been decrypted.
That means hackers could access your usernames, passwords, credit card numbers and any other personal information you’ve used during visits to the affected sites.
Many of the major websites, like Facebook, Google and Yahoo, have already patched the problem. In those cases it’s safe for you to go ahead and change your passwords.