The Heartbleed bug found security flaws in some of the most popular web sites on the Internet like Twitter, Instagram, Google, Facebook and many others. Tech expert Peter Kay said it can help a hacker steal a user's login and password.
"If you had logged into Facebook, an attacker could have gained your user name and password on Facebook, and then have access to everything you have access to on Facebook," he said.
A hacker armed with Heartbleed can force a computer to give up secret information.
"We store a lot more of our data online than we ever used to. All that is potentially accessible," Kay said.
Heartbleed's been around for two years. But researchers just found the bug. It doesn't leave a trail behind so you don't know if your identity has been compromised. Over 1 billion people use Facebook. There are different degrees of concern.
"Something could be happening and you don't even know what's happening," Facebook user Adora Klinestiver said.
"It's like you don't have privacy anymore," Valentino Youkana said.
"What I put on Facebook and what I have on Facebook doesn't really matter," Max Grand said.
Many Internet companies breached by Heartbleed have patched the security holes.
"If you use these web sites, Google, Facebook, Twitter, Instagram, Pintrest, change your password right now," Kay said.
He said a good password can be a two-word phrase with the first letters capitalized. Take the phrase live aloha.
"Then you would add an exclamation point or a special character in between the two words. So it would be Live, exclamation point, Aloha, exclamation point. That makes a good password," he said.
Besides social media sites, domain name giant GoDaddy.com was also affected. Heartbleed doesn't appear to have invaded online banking sites.