Multiple popular websites were exposed to a major Internet bug called Heartbleed earlier this week. The bug was discovered by a member of Google's security team and the software security firm Codenomicon.

Heartbleed is a serious security threat that has the potential to expose users' private information, including passwords, financial details and instant messages, among other things.

To help you understand the bug and what you should be doing to protect your information, Mashable editor-at-large Lance Ulanoff answered user questions on our Facebook page. Here are highlights from the chat:

What is Heartbleed?

Heartbleed is a bug in the code running on the servers of millions of websites. It leaves open a hole that allows hackers to get in and around the encryption between you and the site. This means that the information stored on the servers, and passed between you, could be stolen.

Is this strictly a threat that is only on the Internet?

Just the Internet: Sites running OpenSSL.

Is Heartbleed a virus?

Not exactly. It is a hole that could leave websites and user information open to attack.

Why wasn't it discovered until now?

The code error was small. It was not an attack; it was simply some bad code written by the people who built OpenSSL. It sounds like more of an accident.

Has a list of the major sites using OpenSSL been compiled?

There are millions of sites that use OpenSSL, so a full list might not be that easy to peruse. LastPass unveiled a tool to help you search for specific websites to find out if there are issues. [Update: We've compiled a list of popular sites and whether they were affected.]

When should we change our passwords?

Changing passwords right now might be a pointless exercise. The sites you visit could still have the vulnerability and your new password could be stolen.

If I'm running my own website, how do I protect it?

If you run OpenSSL, update it as soon as possible.

Has it affected most firewalls?

It's not really a firewall attack. If the vulnerability exists (on a site or service), the communication between you and it is open to compromise.

How safe is the Internet anymore?

It's pretty safe.

Do you think the latest bug was somehow related to the NSA?

No.

Have something to add to this story? Share it in the comments.