Heartbleed, official designation CVE-2014-0160, is a bug in OpenSSL’s heartbeat extension. It isn’t important to know what this extension does, only that it was poorly coded (in coder speak, it lacked bounds checking). This bug can be exploited by a hacker to read blocks of 64KB from the server’s RAM. The hacker can only grab one 64KB block at a time, but he can keep going back for more until he’s gathered all the data he needs. With access to the server’s memory, the jig is up. Passwords, security certificates (encryption keys), other sensitive details — they’re all stored in memory, and they’ve all been exposed for the last two years thanks to OpenSSL’s Heartbleed bug.
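The missing bounds check described above, shown beside a corrected version. This is an added example using a simplified model of a heartbeat message, not OpenSSL's code and not part of the original article. The function names, the `arena` layout and the `SECRET-KEY` string are constructed for illustration. The length field is 16 bits wide, which is where the 64KB ceiling comes from.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HDR 3   /* 1-byte type + 2-byte big-endian payload length */
#define HB_PAD 16  /* minimum padding after the payload (RFC 6520) */

/* Before: echoes as many bytes as the message claims to carry. */
size_t hb_echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    (void)rec_len;                       /* real record size is never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap) claimed = cap;
    memcpy(out, rec + HB_HDR, claimed);  /* may read past the record */
    return claimed;
}

/* After: discard any message whose claimed payload does not fit the record. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < HB_HDR + HB_PAD) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_PAD > rec_len || claimed > cap) return 0;
    memcpy(out, rec + HB_HDR, claimed);
    return claimed;
}

/* Constructed demo: a 21-byte record that claims 64 payload bytes, followed in
   the same array by a made-up secret standing in for neighbouring server RAM.
   Keeping both in one array keeps the over-read inside a defined object.
   Returns 1 if the secret shows up in the reply. */
int demo_leaks(int use_checked) {
    static const char secret[] = "SECRET-KEY";        /* constructed sample */
    uint8_t arena[128] = {0}, out[64] = {0};
    const size_t rec_len = HB_HDR + 2 + HB_PAD;       /* real size: 21 bytes */
    arena[0] = 1; arena[1] = 0x00; arena[2] = 0x40;   /* request, claims 64 */
    memcpy(arena + HB_HDR, "hi", 2);                  /* actual payload */
    memcpy(arena + rec_len, secret, sizeof secret - 1);
    size_t n = use_checked ? hb_echo_checked(arena, rec_len, out, sizeof out)
                           : hb_echo_unchecked(arena, rec_len, out, sizeof out);
    for (size_t i = 0; i + sizeof secret - 1 <= n; i++)
        if (memcmp(out + i, secret, sizeof secret - 1) == 0) return 1;
    return 0;
}

int main(void) {
    printf("unchecked leaks: %d, checked leaks: %d\n", demo_leaks(0), demo_leaks(1));
    return 0;
}
```

The checked version compares the claimed length against the size of the record that actually arrived and drops the message on a mismatch, so an honest request is still echoed and an oversized claim returns nothing.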