"Heartbleed" is a new vulnerability that was discovered in an online protocol called SSL, which is used to encrypt data that travels across the internet.
For example, if you log in to Gmail or your bank, they encrypt the data so that outside folks can't read it. To simplify, what "heartbleed" lets people do is to trick a server into giving them your data, including usernames, passwords and credit card info.
The vulnerability isn't new...it's been around for about two years.
Some of the biggest sites that have been hit include Yahoo and OKCupid, but there's no word on whether big banks have been hit just yet.
It's tough to know if you've had your information stolen, and even the websites and servers wouldn't necessarily know if someone has exploited their vulnerability. So, don't rush to change all of your passwords just yet. That's because if one of the websites is still breached, those stealing the data will still be able to collect whatever new password you put in.
Make sure everything is patched before you go ahead.
If you're curious about a particular site, it's recommended that you contact them.
Kim Zetter from Wired joins Alex Cohen to discuss.