Heartbleed is a serious glitch in the Internet's core that could have been leaking user information for as many as two years, but what websites were actually affected?

Bruce Schneier, an expert on web security, told BBC News the Heartbleed bug is "catastrophic." Several other experts have urged people with any type of online account anywhere to the Internet to change their passwords.

"On the scale of one to 10, this is an 11," said Shneier.

However, the extent of the damage is not known and some websites are even reporting not being affected at all. Some websites admit to having some sort of flaw while others have not been able to tell.

According to Heartbleed.com (visit for more info on the Internet bug):

"The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."

It is very important to change your passwords immediately because the Heartbleed vulnerability would not leave a trace should a hacker access your files. Many national banks and online tax filing services were not affected. Considering the sensitive information and the potential financial risk, it would still be wise to change passwords on those accounts as well.

Per Mashable, here is a list of major websites that have either confirmed to have been left vulnerable or possibly could have been affected. In either instance, users are encouraged to change their passwords immediately

Possibly Affected:

  • Facebook
  • Twitter
  • Apple
  • eBay
  • H&R Block
  • IRS
  • Netflix

Definitely Affected:

  • Instagram
  • Pintrest
  • Tumblr
  • Google (all services)
  • Yahoo (all services)
  • GoDaddy
  • TurboTax
  • DropBox
  • LastPass
  • MineCraft
  • OKCupid
  • SoundCloud
  • Wunderlist

Not Affected

  • LinkedIn
  • Amazon
  • Microsoft
  • AOL
  • Hotmail
  • Nordstrom
  • PayPal
  • Wal Mart
  • Target
  • National Banks (Bank of America, Chase, Wells Fargo, PNC, etc.)
  • Evernote
  • Christian Mingle
  • JDate