**Graphic updated on **16/04 @ 17:37 CEST - (Netflix changes)
The Heartbleed bug - a major security flaw in OpenSSL - has seriously disrupted the online community this week. OpenSSL is one of the most popular pieces of encryption software, and the bug has potentially exposed millions of user details to hackers.
Some online service providers acted quickly, patching the flaw as soon as it was announced. However, many others have yet to act.
If a service provider is yet to apply the patch, you should not change your password. Instead, wait until you receive confirmation from an official channel that the servers have been patched. Only then should you log in and update your details.
Conflicting reports have led to panic - nobody seems to know which sites have been affected, or whether their servers have been patched.
To dispel the confusion, we’ve created a simple password change checklist. It identifies the major sites which have been affected by Heartbleed - and whether they’ve patched their servers yet.