A patch has been released to fix the Heartbleed vulnerability in OpenSSL, which lets an attacker read sensitive information through a memory leak. More about this can be read at heartbleed info.
To find out whether your host uses a vulnerable OpenSSL, go to filippo and check your site.
So who is affected? Anyone with SSL on their host and running OpenSSL older than 1.0.1g is affected by this vulnerability.
How do you fix this?
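1. If you are on an unmanaged VPS:

    # download and unpack the 1.0.1g source
    cd /usr/src
    wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
    tar -xvzf openssl-1.0.1g.tar.gz
    cd openssl-1.0.1g
    # build shared libraries, run the test suite, then install under /usr
    ./config --prefix=/usr no-threads shared
    make
    make test
    make install
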
Ask your host to update OpenSSL to version 1.0.1g.
After installing, restart the services that use SSL, such as the control panel, httpd, etc., or reboot the server to restart all services at once.
I also recommend getting your SSL certificate re-keyed, as the older OpenSSL also revealed a part of the private key to the attacker.
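
To confirm the restart step above actually took effect, the following added example (not part of the original post) lists processes that still have the old libssl/libcrypto mapped in memory. It assumes Linux and that the install replaced the library files on disk rather than overwriting them in place; the function names and the sample proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): after replacing OpenSSL on disk,
# find processes that still have the old libssl/libcrypto mapped in memory.

# Read the text of a /proc/<pid>/maps file on stdin and print each
# libssl/libcrypto path whose backing file has been replaced or removed.
stale_ssl_maps() {
    awk '$NF == "(deleted)" && $6 ~ "lib(ssl|crypto)[^/]*[.]so" { print $6 }' | sort -u
}

# Walk a proc-style tree (default /proc) and print "pid<TAB>name<TAB>libs"
# for every process that still needs a restart.
scan_processes() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(stale_ssl_maps 2>/dev/null < "$maps" | tr '\n' ',')
        libs=${libs%,}
        [ -n "$libs" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        name=$(cat "$proc_root/$pid/comm" 2>/dev/null) || name='?'
        printf '%s\t%s\t%s\n' "$pid" "$name" "$libs"
    done
}

# Constructed sample: a fake proc tree with one stale and one restarted process.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/101" "$dir/202"
    echo httpd > "$dir/101/comm"
    echo sshd > "$dir/202/comm"
    cat > "$dir/101/maps" <<'EOF'
7f3a10000000-7f3a1005e000 r-xp 00000000 08:01 393228 /usr/lib/libssl.so.1.0.0 (deleted)
7f3a10400000-7f3a105b0000 r-xp 00000000 08:01 393230 /usr/lib/libcrypto.so.1.0.0 (deleted)
7f3a10800000-7f3a109b0000 r-xp 00000000 08:01 131090 /lib/libc-2.12.so
EOF
    cat > "$dir/202/maps" <<'EOF'
7f9b20000000-7f9b201b0000 r-xp 00000000 08:01 400112 /usr/lib/libcrypto.so.1.0.0
EOF
    echo "$dir"
}

sample=$(make_sample_tree)
scan_processes "$sample"      # on a real host, as root: scan_processes /proc
rm -rf "$sample"
```

Any process it prints is still running the old library code until it is restarted. Binaries that link OpenSSL statically will not appear here and need to be rebuilt.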