More than two-thirds of Web servers are at risk by a new security hole that some are calling "the worst the Internet has ever seen."

 It's called the Heartbleed bug, and it could put private information, including usernames, passwords and credit card numbers, at risk. The bug is especially dangerous as it targets encryption software that the vast majority of websites on the Internet use to turn your personal information into strings of random numbers and letters, according to this CNN article.


At the very least, Heartbleed exposes usernames and passwords, and also compromises the session keys that keep you logged into a website, allowing an outsider to pose as you -- no passwords required. It also allows attackers to pose as a real website and dupe you into giving up personal details. Making matters worse, the Heartbleed bug leaves no traces that indicate whether you have been hacked.


Many websites are now scrambling to fix the problem. Many major sites, including Google, Facebook, Amazon and YouTube, have patched the vulnerability to the Heartbleed bug. has a full list of frequently used sites, updates on site patches and whether or not the site is recommending a password change.


What should Internet users do in the meantime? If the bug hasn't been fixed, changing your old password to a new password would just result in your new password being susceptible, according to this article on If a particular site has been fixed -- or even if a site you frequent was not affected -- then you should probably change your password to be on the safe side.

 If you're worried a site you're visiting may be affected by the bug, you can go to this link first and enter the site's address in the search box. It'll tell you if the site in question is still vulnerable or not. 

 For the more tech savvy, a website has been created with all the technical details of the bug. It includes a full breakdown of what the bug is, as well as a question-and-answer section.