It’s been five days since news of the Heartbleed SSL bug was announced. This is a bug in some versions of the OpenSSL secure certificate software layer that some secure websites use, including email sites, banks, credit unions, shopping sites, and others to create a secure connection with you. Without getting too technical, just know that this bug makes it possible for bad guys to steal your login credentials. This is serious, because this bug has gone undetected for about two years.
So you should change your passwords if you’re affected, but maybe not yet. Security experts have advised to NOT change your passwords on affected sites until those sites’ administrators have patched their systems. And since you may or may not be notified by sites that you use as to whether or not they’ve been patched, use this tool created by LastPass to check to see if your sites have been patched. Once any given site is patched, it’s then safe to change your password on that site.