One of the big stories in tech circles today is that a bug has been found in OpenSSL that has been in place for as long as two years. If you've seen someone talk about the “Heartbleed Bug,” this is the one they're talking about, and it's a big one.

 

OpenSSL is a data encryption standard that's widely used on the internet, by people such as Facebook and Gmail. The nature of this bug means that basically everything could have been exposed. It's as if you left home after locking the door and turning on the burglar alarm, and it turns out the bad guys have a copy of your key, the code to the alarm, and they're going to use your own truck to haul away everything they take.

 

The bright side in this is that a lot of financial institutions may not be affected by it, due to OpenSSL's open source nature. Large institutions are sometimes leery of open source software for a variety of reasons, so they may be using other encryption standards. That said, a lot of other places definitely use it, and it's not something that can be fixed on the user's end. The flaw has to be patched at the server end, and while lots of places certainly are or already have patched, it's possible some haven't yet. My advice is to change your passwords, and probably change them again in the near future.