In a nutshell if a company uses a technology called OpenSSL to secure it's website with HTTPS then your passwords & credit card numbers could be at risk.
The security bug is called Heartbleed. Right now companies such as Google, Microsoft, Twitter, Facebook, and Dropbox seem unaffected. If you want to check if your bank or company is effected then you can use this free tool.
When you go to the website with the free tool it will show a box that says Heartbleed test, like the picture below. From there just type in the website you want to check on such as Facebook.com and press the green button "Go!". It will return a result that says it is "all good" or "vulnerable".
Yahoo was recently discovered to have this vulnerability so passwords and information was being compromised. We have gotten calls in the last few weeks of folks using Yahoo and having their accounts compromised. Yahoo said that they have patched up the vulnerability.
A security firm called Codenomicon, which along with Google researcher Neel Mehta discovered the problem.
"This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content," Codenomicon said. "This allows attackers to eavesdrop communications, steal data directly from the services and users, and to impersonate services and users."
If you are using Lastpass to keep your passwords safe then we are safe, as their spokesman Joe Siegrist said the following, "LastPass is quite unique in that nearly all your data is also encrypted with a key that LastPass servers never get -- so this bug could not have exposed customer's encrypted data," Siegrist added.
I wanted to update folks on this so you can make sure you're a ok. Have a great day and Aloha!