In recent weeks, the Heartbleed security bug has headlined hundreds of news stories. Not only were user names, passwords, and other personal information potentially exposed, but there was little consumers could do because the vulnerability was in the security software that many Website servers used. Needless to say, once the bug was identified the majority of endangered websites rushed to patch the problem. Two weeks after the public announcement, only an estimated 2% of vulnerable websites had not fixed the problem. Now that most exposed websites are patched, consumer can and should change their passwords.