70 16 LINKEDINCOMMENTMORE

NEW YORK (CNNMoney) Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen. As sites fix the bug on their end, it's time for you to change your passwords.

The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private -- email, banking, shopping, and passwords.

Don't change all your passwords yet, though. If a company hasn't yet updated its site, you still can't connect safely. A new password would be compromised too.

Many companies are not informing their customers of the danger -- or asking them to update their log-in credentials. So, here's a handy password list. It'll be updated as companies respond to CNN's questions.

Related story: Heartbleed Bug explained

Change these passwords now (they were patched)

Google, YouTube and Gmail

Facebook

Yahoo, Yahoo Mail, Tumblr, Flickr

OKCupid

Wikipedia

Don't worry about these (they don't use the affected software, or ran a different version)

Amazon, AOL and Mapquest

Bank of America
Capital One bank

Charles Schwab

Chase bank

Citibank

E*Trade

Fidelity

HSBC bank

LinkedIn

Microsoft, Hotmail and Outlook

PayPal

PNC bank

Scottrade

TD Ameritrade

Twitter

U.S. Bank

Wells Fargo

Don't change these passwords yet (still unclear, no response)

American Express

Apple, iCloud and iTunes

70 16 LINKEDINCOMMENTMORE
Read or Share this story: http://on.11alive.com/1gRxEgr