The Heartbleed bug can affect anyone that has used a “secure” website like Amazon, eBay, PayPal, your bank, your investments, etc. in the last year. Basically that little green “lock” symbol up in the URL of secure websites doesn’t work and has had a “hole” in it for over a year. The hole was just revealed publicly on Monday, April 7, 2014. Anyone who has used a secure site in the last few years is at risk of having their passwords and confidential data exposed.
This article in the Wall Street Journal has recommendations on what to do to protect against sites that have not yet patched Heartbleed and just as importantly what you should do in the future to stay safe.
The most important things to do are,
Don’t use a secure website until the end of the week to give banks, etc. time to install patches
Use the Chrome browser with the attachment recommended in the article to detect whether a “secure” website has had the patch installed and is Ok to use with other browsers
Use secure passwords that involve a mix of characters, symbols and numbers and do not use the same password on multiple high value sites
Check the Wall Street Journal article, 5 Rules for Using the Internet after ‘Heartbleed’, for more information.