The Heartbleed vulnerability exists in all default versions of OpenSSL going back to March 2012. Among the products that use OpenSSL are Apache, IIS, Nginx, Cisco AnyConnect, your home router. If you do not take measures now against this bug, you will be hacked sooner rather than later. The attack is simply too easy to perform, and too widespread for it not to become one of the most widespread automated attacks ever. There are no reasonable limits on what information can be compromised, as long as it gets read by the application process, it is vulnerable.”]
Source: https://www.darkreading.com/attacks-breaches/heartbleed-examining-the-impact