For at least the last fourteen years, we’ve been told computers were going to ruin our lives. Whether it was Y2K shutting off the lights and making us reach for our bug-out bags, identity thieves stealing all our monies, or just that “Let’s Get Social” video driving us all to throw our PCs out the window, figuring out which threats you need to pay attention to has become a big part of life online.

When word of the OpenSSL exploit named “Heartbleed” started to spread, a lot of people started to do some triage: “how scary is this, do I need to do anything about it, and when do I need to do it?” Now that we’ve had a couple days to let the dust settle, here’s what you need to know.

What are the basics about Heartbleed?

Heartbleed is a bug in OpenSSL, software that allows servers and websites to perform secure transactions of data. If you’re used to looking for the lock symbol in your browser when you’re shopping online, OpenSSL is one of the services that can earn web sites that little icon.

It’s obvious that a bug in a system designed to keep transactions secure could be a pretty big problem. The Heartbleed bug creates a vulnerability that allows someone to pull 64k of memory at random off working servers that use OpenSSL.
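A simplified C model of this kind of over-read, added here as an illustration (it is not OpenSSL's code and not from the original article): a handler that trusts the length a peer claims, next to one that checks it against what actually arrived. The record layout, the `server_mem` struct, all function names and the sample secret are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified model, NOT OpenSSL source. Assumed record layout:
 * type (1 byte) | claimed payload length (2 bytes, big-endian) | payload.
 * A 2-byte length can claim at most 65535 bytes: the "64k" ceiling. */
#define HB_HEADER 3

/* Constructed stand-in for server memory: the received record sits next to
 * unrelated data that should never leave the process. */
struct server_mem {
    uint8_t record[8];
    char    secret[24];
};

/* Constructed sample: the payload is the 2 bytes "hi"; the caller picks what
 * the length field claims. 5 bytes actually arrive on the wire. */
struct server_mem sample_record(uint8_t claimed_len)
{
    struct server_mem m = { {1, 0, claimed_len, 'h', 'i'}, "password=hunter2" };
    return m;
}

/* Flawed handler: echoes as many bytes as the peer claims it sent.
 * out must have room for sizeof(struct server_mem) bytes. */
size_t hb_reply_unchecked(const struct server_mem *m, size_t received, uint8_t *out)
{
    (void)received;                              /* never consulted: the bug */
    size_t claimed = ((size_t)m->record[1] << 8) | m->record[2];
    size_t avail = sizeof *m - HB_HEADER;        /* keep the demo in bounds */
    if (claimed > avail) claimed = avail;
    memcpy(out, (const uint8_t *)m + HB_HEADER, claimed);
    return claimed;                              /* may include secret bytes */
}

/* Hardened handler: drop any record claiming more payload than arrived. */
size_t hb_reply_checked(const struct server_mem *m, size_t received, uint8_t *out)
{
    if (received < HB_HEADER || received > sizeof m->record) return 0;
    size_t claimed = ((size_t)m->record[1] << 8) | m->record[2];
    if (claimed > received - HB_HEADER) return 0; /* length lies: discard */
    memcpy(out, m->record + HB_HEADER, claimed);
    return claimed;
}
```

With a claimed length of 20 against a 2-byte payload, the unchecked handler's reply runs past the record into the neighbouring `secret` field, while the checked handler returns nothing.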

What could someone do with 64k of random data?

Well, if they were just pulling 64k of memory one time, probably not a lot. However, since they can exploit the bug time after time, it likely wouldn’t take long for them to stumble across information that’s really useful: usernames and passwords.

How can I tell if my data has been compromised?

That’s one of the scariest things about Heartbleed. Even though it’s just been made public, this bug has been in the OpenSSL code for around two years now and we have no idea how long people have known about it. (Now is probably a good time to mention that we’re not sure anyone has actually taken advantage of this exploit yet. It’s entirely possible that the Google team members who made the bug public were the first to discover it and the publicity Heartbleed is receiving will mean it’s taken care of before any bad guys use it. However, we’d rather be safe than sorry.) If you haven’t noticed anything out of the ordinary, there’s a good chance you’ll escape this ordeal in good shape, provided you take action.

What action? Tell me what to do!!!!

If there’s one bright side to Heartbleed, it’s that the bug is server-side, which means your role in fixing it is pretty easy – just change your passwords. Here’s the bad news – you should probably change all of your passwords and you shouldn’t necessarily change them all right now.

In the days since the story about the Heartbleed bug broke, sites have been moving quickly to solve the problem on their side. If a site has updated its servers, changing your password should put you in the clear. However, you can’t just change all of your passwords right now because it won’t do anything for the sites that haven’t updated yet. Your new password would still be available to someone exploiting the bug until the server update happens.

There are tools popping up online to check whether or not sites are ready for you to update your password yet. Password management service LastPass (which was initially vulnerable to the Heartbleed bug) gives you a pretty good idea if a URL is still vulnerable or if it’s time to update.

Heartbleed is a terrifying name, isn’t it?

Yes, Heartbleed sounds like something you’d expect to find in a collectible card game about a dystopian future run by megacorporations that engineer bioroids. There’s a lot that’s scary about Heartbleed, but if you update your passwords as soon as a site gets its house in order, we might not have to go for the bug-out bags just yet.