A newly identified bug named the Heartbleed Bug has made nearly 70% of all websites on the Internet insecure — over 600 million, to put this in context. There is a major flaw in the security of the World Wide Web — one that has even Internet security firms feeling a little panicked.
The Heartbleed Bug makes the secret keys that encrypt your online data vulnerable to theft. An attacker can easily steal your usernames and passwords, instant messages, emails, business documents and communication from servers with this vulnerability.
The Heartbleed Bug has existed since March 14, 2012. Attackers who exploit it leave zero trace. That means that any website owner affected by this bug has no idea what data may have been compromised since then, or if any data was compromised at all. All that they can do is patch the bug immediately, communicate with customers and take measures to reset their systems.
What's next, and what you can do
There's nothing you can do until the companies managing websites that require a login (banks, online stores, etc.) apply the patch to the servers they use. We strongly encourage you to change your password. Everywhere. Beware of websites that are popping up to "check" for the vulnerability. You may be inviting theft of your data.
Where to read more about Heartbleed
Finnish National Cyber Security Center: NCSC-FI is distributing advisories and updates to technical communities.
Heartbleed.com: This contains FAQs with (mostly) simple answers.
CNET: 'Heartbleed' bug undoes Web encryption, reveals Yahoo passwords
Ars Technica: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
Before it's News: Heart Bleed Bug Could Compromise Large Part of the Internet