Heartbleed-RefreshAs sites fix the bug on their end, it's time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private -- email, banking, shopping, and passwords.

Don't change all your passwords yet, though. If a company hasn't yet updated its site, you still can't connect safely. A new password would be compromised too.
Many companies are not informing their customers of the danger -- or asking them to update their log-in credentials. So, here's a handy password list. It'll be updated as companies respond to CNN's questions.

Change these passwords now (they were patched)

Google, YouTube and Gmail
Facebook
Yahoo, Yahoo Mail, Tumblr, Flickr
OKCupid
Wikipedia

Don't worry about these (they don't use the affected software, or ran a different version)

Amazon
AOL and Mapquest
Bank of America
Capital One bank
Charles Schwab
Chase bank
Citibank
E*Trade
Fidelity
HSBC bank
LinkedIn
Microsoft, Hotmail and Outlook
PayPal
PNC bank
Scottrade
TD Ameritrade
Twitter
U.S. Bank
Wells Fargo

Don't change these passwords yet (still unclear, no response)

American Express
Apple, iCloud and iTunes