“You can run to update your password everywhere, but it won’t do any good on the sites that haven’t pushed out a fix yet,” Josh Abraham, director of professional services for security firm Praetorian, told NBCNews.

Companies including Google, Amazon, Yahoo, Tumblr and Facebook said they have investigated the issue and are working to update their sites. But the fix could be slower for small businesses who use OpenSSL — and entering a new password into a potentially compromised site could do more harm than help.