'Don't Change Passwords' Over Heartbleed Bug
Internet users have been warned not to change their passwords in the wake of the Heartbleed security flaw discovery.
Hugh Boyes, cyber security chief at the Institution of Engineering and Technology, said: "Changing the password before the bug is fixed could compromise your new password."
He said passwords should only be changed on websites that had implemented a patch to fix the bug.
Blogging website Tumblr, owned by Yahoo!, has previously told users to change all their passwords, including those for sensitive data like email and bank accounts.
Independent security expert Bruce Schneier called for calm, but said the security breach was serious.
"Catastrophic is the right word. On the scale of 1 to 10, this is an 11. Half a million sites are vulnerable, including my own."
Users can test a site's vulnerability to the Heartbleed bug by visiting a site created by developer Filippo Valsorda, where they can enter web addresses and find out if the bug has been fixed.
If it says that the site has been patched, it is safe to change your password.
Mr Boyes added: "Regularly change your passwords.
"Depending on how sensitive the application/website is, passwords typically ought to be changed monthly or quarterly.
"Don't reuse the same passwords on different websites. Try to use a separate password for each website."
The Heartbleed bug was discovered on Monday by a team of security experts and had gone undetected for more than two years.
The bug is a flaw in the encryption that protects data as it is sent between computers and servers.
This has meant that personal and sensitive data was left vulnerable.
The encryption is best known for the closed padlock that appears in the corner of a web browser to show a connection is secure.