On April 7, 2014, it was announced that all version OpenSSL 1.0.1 series up to and include 1.0.1f had a severe memory handling bug in the implementation of the TLS Heartbeet Extension. The vulnerability might also reveal parts of the users’ requests and responses that could involve passwords. It is estimated that 17% or 500K of the Internet’s secure web servers might have been vulnerable to this attack.
Cnet is reporting that Yahoo Properties were potentially compromised. This would include Yahoo, Flickr and Tumblr. It is recommended that end users change their Yahoo passwords and do not use a password that they have ever previously used. In other words, create a new password and never re-use and old one.
Here are some resources on this mass compromise.
CNET ‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords