The Heartbleed-Vulnerable Passwords You Need to Change Right Now

By now, chances are you've already heard about the preposterously huge security hole in SSL. You've also probably heard how it could easily have left you exposed to all sorts of nefarious activity over the past few years. Now, thanks to Mashable, we also have a better idea of exactly which websites had the flaw.

Of course, just because certain websites were vulnerable to the bug doesn't necessarily mean your personal information (passwords, credit card numbers, usernames, etc.) got snatched. The problem is that there's absolutely no way of knowing for sure—so better safe than sorry. But Mashable's chart also shows which sites have already patched the hole. So if you have an account on a site that's still wide open to heartbleed's whims, you're going to want to wait until it gets things under control.

We've picked out some of the bigger websites that may have left you exposed below. They've also all issued a patch already, which means it's safe to change your password now (updating your password on a site that's still vulnerable won't do you much good, for obvious reasons. And you should. Seriously. Go. And head over to Mashable for a more complete list of what needs protecting.

[Mashable]

Update 4/10, 4:44pm: Apple has confirmed that iOS, OSX and "key web services" have not been affected by the bug.

Update 4/11, 7:37pm: A previous version of this post listed TurboTax as being vulnerable to Heartbleed, but a representative has confirmed to us that TurboTax is perfectly safe.