By exploiting loopholes heartbleed on OpenSSL , a hacker can steal information though a site or service providers already do encryption ( marked with a " padlock " and the prefix " https : " in the URL ) .
The problem becomes large because OpenSSL is used by 66 percent of all Internet web part to encrypt the data so that the security hole was widespread . Big names , including Gmail , Facebook , and Yahoo , are affected .
From the user side , nothing can be done to address this bug except wait for the service provider concerned to patch the gap heartbleed ( heartbeat ) , then change the password as a precaution when the old keyword has been leaked .
