(Thanks to Bryan Knecht for sharing this informative article.)
Heartbleed is a code flaw in OpenSSL’s hearbeat function that lets hackers trick a server into handing over its private encryption keys. With those keys in hand, hackers can decrypt information that’s passing between servers and user’s computers without any detection. They can also potentially use those keys to set up their own man in the middle server that appears as if it’s a legit version of the site you’re trying to reach, and that would let them collect as much information as they want.
Imagine, for example, a hacker getting ahold of the encryption keys for your bank. They could then intercept and decrypt your secure transactions, get your credit card and bank account numbers, account login and password, and more.
Do you use Facebook, Instagram, or Tumbler? Should you change your passwords for those sites? Hint: The answer is yes.
Mashable put together a chart that showing whether or not many popular sites are susceptible to the heartbleed bug, if they’ve been updated, and if it’s time for you to change your password.