Heartbleed is a computer security issue that got world wide notice in early April. It affects websites and computer systems that use the OpenSSL encryption. It is not a virus or trojan horse or scam.
OpenSSL had a type of encryption vulnerability that was discovered by security engineers at Google and Codenomicon. The world became aware of the problem on April 7th when a fixed version of OpenSSL was released.
It is possible that some criminals or hackers may also have been aware of the OpenSSL vuneraliblity and exploited it by stealing identities, passwords, financial information or other data. However, there has not been any indication that criminals had known about Heartbleed and taken advantage of it. Most IT managers of sites using OpenSSL acted very quickly to patch their systems using the fixed OpenSSL.
Which Sites Were Affected?
Google uses it, but they were the first one to discover the problem and fixed their site before the world knew. Not all sites use OpenSSL. Most banks do not use OpenSSL; they use another type of security encryption. Apple’s system, sites, servers, and phones were never affected and neither were Microsoft’s or Adobe’s.
Here is a link to a compilation of many sites, listing those that you may or may not need to change your passwords: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Make sure the site has applied the fix BEFORE you change your password though.
Here is a link to Heartbleed.com for more information: