DALLAS (KRLD) -- An encryption flaw known as the "Heartbleed" bug is being called one of the biggest security threats the internet has ever seen.
Security departments around the world are working overtime to address the bug, which has has been active for more than two years.
The Heartbleed bug is a vulnerability in the popular OpenSSL software, which allows protected information to be stolen -- including passwords.
Some experts have been suggesting that users change every online password out of caution, but is that totally necessary?
Lance Ulanoff, the editor at large at Mashable, tells KRLD that users don't need to overreact.
"That actually doesn't make sense. You don't know that the site has done its work -- if it hasn't update itself or is not clear of this vulnerability. If you change your passwords now and that site still has a problem, those passwords could still be stolen."
What Passwords Should I Change?
Instead, Mashable has analyzed the major sites that people visit everyday, determining whether or not a password change is needed.
"One thing that's really important to understand here is that, while this is a really widespread problem and many sites use what's called OpenSSL, a lot of sites don't."
A full list of the sites and passwords that you need to change can be found here.
(©2014 CBS Local Media, a division of CBS Radio Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)
- PHOTOS: Your Pet Pictures
for more features.