Heartbleed is the name of a specific vulnerability of a website's security protocol. Any time you input a log in and password into a website that uses this particular protocol, someone could theoretically take advantage of this weakness and read your log in and password. Not all websites are affected but a lot are. For a list of affected websites, go here. If you have an account at one of the affected websites, I HIGHLY suggest you change your password.
The most disturbing part is that the NSA (National Security Agency) has known about this vulnerability for TWO YEARS and did not say anything about it. Not only did they leave hundreds of millions of Americans at risk of their passwords getting stolen, they probably used this vulnerability for their own use. The fact that they knew about this and yet said nothing angers me to no end. Along with the leaks that Edward Snowden made public, I have no faith that the American Government has our interests in mind.