Heartbleed bug is a security flaw in the OpenSSL cryptographic software library, which allows to steal user private information, like logins and passwords. The bug was basically an «accidental» and a catastrophic mistake in the programming code and allowed an attacker get 64K of memory from a server without leaving any trace. The attack could then be repeated multiple times to allow hackers steal another random 64K of memory.
After the bug was disclosed by Google, thousands of companies all around the world started to patch their servers to prevent leaks. In a month almost a half of 600,000 'infected' servers have been patched and became 'Heartbleed-resistant'. That left the Web with 318,239 unprotected servers and the situation hasn't changed a lot since then.
Currently there are 309,197 servers that have not been patched and remain exposed to Heartbleed. A security researcher Robert David Graham says that, given such a tendency, we can expect to find thousands of vulnerable systems even in a decade. So if you are concerned about your account details, it is a good idea to have different passwords for each account you have on the Web.