(Update) Heartbleed: Here's Why You'll Soon Have to Change Almost Every Internet Password You Have

Update:  Heartbleed: Change Your Passwords for These Widely-Used Websites Now

Heartbleed is a major security bug that has left a huge chunk of the Internet open to hackers, and millions of users vulnerable to attack. Ironically, it's impacting the exact piece of the Internet that's supposed to be protecting your information.

First, Some Info

The Heartbleed bug was just recently discovered, and effects a widely used security system called OpenSSL that encrypts data sent over the Internet. For example, when you sign in to Facebook, you might notice the "https" that appears in front of the URL, like so:

The above example in Google Chrome shows a green padlock and an "s" at the end of "http." The "s" indicates that the website is encrypting data and keeping it from prying eyes. Many sites use OpenSSL to secure info; they range from social networks, websites that handle bank and credit card data, and a slew of mail and instant messaging services. In short, a majority of the sites you sign-in to everyday use it, and if they don't, it's seen as a major problem.

What's Happening

A security team at Google discovered a bug in a version of OpenSSL that lets hackers sneak in and swipe info that's stored under the system's security layer. Through Heartbleed, hackers can use leaked encryption keys to decrypt your data. One of the scariest parts? The bug went undetected for the last two years, so anyone who knew of it could have gathered user names, passwords, instant messages, and emails without leaving any evidence of themselves.

Think of OpenSSL as a wall safe for your cash. This vulnerability is like one day opening that safe and discovering a tiny crack that could let anyone on the other side extract those dollar bills. Now the question is, did anyone steal anything while they had the chance?

On Monday, a patch (a.k.a. a bug fix) for the vulnerability was released, and now upwards of a half million widely used websites need to update. 

Unfortunately, this is not like when Apple discovers a bug in iOS 7 and all you have to do is hit update to download the patch and it's fixed. The onus is on these websites themselves to update. Tor, the popular network that prides itself on keeping things anonymous, said users should "stay away from the Internet entirely for the next few days while things settle." 

What You Should Do

"This might be a good day to call in sick and take some time to change your passwords everywhere -- especially your high-security services like email, file storage, and banking, which may have been compromised by this bug," Tumblr wrote in a blog post after they patched their servers.

Well, they're right, but not quite yet. 

If you change your password before a website has patched their security, then your new password will be just as vulnerable as your old one. 

Your Checklist:

• Watch for your widely used websites to release notices that they've updated OpenSSL
• Once they do, that's your cue to change your password
• As Tor alluded to, you should watch your online bank accounts and services that have sensitive info to see if anything suspicious is going on
• If you have a Wordpress website that you're hosting, sign-in to your hosting provider and update

Also, you can go here to check if a website is safe or not, but still, use caution.