(UNDATED) - Internet companies continue to work on patching the Heartbleed bug, and many people in the tech industries say you should change at least some of your passwords for certain sites.
Heartbleed was accidentally added to OpenSSL software, which helps secure thousands of internet sites around the world.
"It was designed, ironically, to keep information private and safe in the hand-off of data from your computer to another server", said tech expert Dave Arland.
The bug was added to OpenSSL in 2012 during an upgrade, and it wasn't discovered until a security engineer at Google and engineers from a security company in Finland found in on Monday.
"The fear is that hackers will have the ability to look in and view about a half-million servers across the world that store all of that credit card information, all the password information, all the information about user ID's, etc."
A researcher was subsequently able to steal a username and password from Yahoo's servers.
"That led to a revelation that all of Yahoo is subject to this, and Yahoo has since taken steps to secure their situation. It's now safe to go on to Yahoo or it's related sites Tumblr or Flickr", said Arland.
Many other web sites have fixed the problem, too, but if it's a site to which you log-in, Arland says you should change your password.
"If you use Facebook, yes, go ahead and change your password. We're recommending that people not do any online banking, at least for a couple days just to be absolutely certain. The banks are generally reporting that they are not affected."
However, Arland says you should not change all of your passwords at once just in case some sites you use are still vulnerable.
Twitter and LinkedIn were among the sites not affected by the bug. CNET has a list of web sites and their Heartbleed status.
Have a question or comment about a news story? Send it to firstname.lastname@example.org