In a nutshell if a company uses a technology called OpenSSL to secure it's website with HTTPS then your passwords & credit card numbers could be at risk.
The security bug is called Heartbleed. Right now companies such as Google, Microsoft, Twitter, Facebook, and Dropbox seem unaffected. If you want to check if your bank or company is effected then you can use this free tool.
When you go to the website with the free tool it will show a box that says Heartbleed test, like the picture below. From there just type in the website you want to check on such as Facebook.com and press the green button "Go!". It will return a result that says it is "all good" or "vulnerable".