Earlier this week, word spread that a "vast number" of the servers on the Web had been compromised by a bug called "Heartbleed" — and that it may have gone undiscovered for more than two years; and that "while it's conceivable that the flaw was never discovered by hackers, it's nearly impossible to tell."
(The New Yorker has an even more detailed look at the why/how of the bug, if you have the time.)
Heartbleed affects the encryption code which protects online accounts (known as OpenSSL), potentially exposing important information such as passwords and credit card numbers. It was discovered by a team of Finnish researchers. The scope of the damage is still unclear. But one thing is clear: you need to change your passwords.
Mashable has reached out to some of the most trafficked sites on the Internet, including Facebook, Google, Amazon and more to find out who was affected, what they've done about it and what you need to do about it. See the full list here.
Sites where you need to change your password include:
Luckily, banking and commerce websites seem safe. Though in a situation like this, it never hurts to be sure.