NEW YORK (CNNMoney) -- Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen.
As sites fix the bug on their end, it's time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private -- email, banking, shopping, and passwords.
Don't change all your passwords yet, though. If a company hasn't yet updated its site, you still can't connect safely. A new password would be compromised too.
Many companies are not informing their customers of the danger -- or asking them to update their log-in credentials. So, here's a handy password list. It'll be updated as companies respond to CNN's questions.
Change these passwords now (they were patched)
Google+, YouTube and Gmail Facebook Yahoo, Yahoo Mail, Tumblr, Flickr OKCupid
Don't worry about these (they don't use the affected software, or ran a different version)
AOL and Mapquest Bank of America Charles Schwab Chase bank Fidelity E*Trade HSBC bank Microsoft, Hotmail and Outlook PayPal Scottrade TD Ameritrade Wells Fargo bank U.S. Bank
Don't change these passwords yet (still unclear, no response)
Amazon American Express Apple, iCloud and iTunes Capital One bank Citibank LinkedIn PNC bank Twitter (the company said Twitter's servers weren't affected but also noted that Twitter used the affected software in some capacity.) Wikipedia
By Jose Pagliery
™ & © 2014 Cable News Network, Inc., a Time Warner Company. All rights reserved.
(KTVI) – You may want to change your passwords for a number of websites like Google, Facebook and Yahoo.
Scott Schaffer, of Blade Technologies, explains it’s because of a very serious bug with a scary name: “Heartbleed.”
This is not a virus. It’s bad code.
The bug affects OpenSSL, a popular cryptographic library that is used to secure a huge chunk of the Internet's traffic.
Because you don’t know if each site has fixed the code, it’s best to change your passwords, and start getting in the habit of changing them regularly.
Scott advises, a good password should be 20 characters long, contain no actual words, should have some capital letters and numbers, and special characters.
How can you check to see if your password was stolen or if the sites you regularly visit are safe?
Good Overview: http://heartbleed.com/
Homeland Security/CERT Coordination Center: http://www.kb.cert.org/vuls/id/720951
Online Tester: http://filippo.io/Heartbleed/
Technical Information for Testers: https://blog.ipredator.se/2014/04/how-to-test-if-your-openssl-heartbleeds.html