The dreaded "Heartbleed" bug has prompted security experts to warn that information on approximately half a million websites may be vulnerable to hacking, but most companies are still standing by their statements that customer information is safe, including retailer Target, which was the subject of a massive data hack reported last November.
The contradictory tone of alarm and re-assurance has led to a patchwork of advice from online retailers and other companies with a major Web presence.
Department store Neiman Marcus, the subject of another recent security breach, did not immediately respond to ABCNews.com's request for comment.
Adam Levin, co-founder and chairman of IDentity Theft 911, said passwords do have to be changed, but if you do so, the timing counts.
"First, find out site by site what they're doing to get the site protected –- you can do this by seeing if they've issued a public statement or contact them directly. Once the problem is solved, then change your password –- make each new password unique and hard to crack," Levin said. "With any type of exposure, be extra careful of cyber thieves that look to harp on news to take advantage of consumers. Be cautious of shared links and news about the bug."
Here's what Target and other sites are saying about how they fixed potential vulnerabilities in their system:
Molly Snyder, a spokeswoman for Target, said the company launched a "comprehensive review of all external facing aspects of Target.com" on Tuesday.
"Based on our findings, we do not currently believe that any external-facing aspects of our sites are impacted by the OpenSSL vulnerability," Snyder reiterated on today.
OpenSSL is a protocol that is supposed to keep Web communication secure.
Ryan Moore, a spokesman for eBay, said, "eBay is aware of the security vulnerability identified in a version of OpenSSL, also known as the Heartbleed Bug. The vast majority of our services were not impacted and our users can continue to shop securely on our marketplace. Consumer safety is our top priority, and we will continue to monitor this bug to ensure our users remain protected."
The company told customers on Thursday: "1. Your Marketplaces account is secure
2. Your Marketplaces account details were not exposed in the past and remain secure
3. You do not need to take any additional action to safeguard your information
4. There is no need to change your password."
"While we always advise our customers to be cautious and aware of the security of their personal accounts, in this case we want to reassure you there is no need to be unduly concerned," eBay said in its statement. "When you login to eBay using your user name and password these details were not exposed to the OpenSSL vulnerability."
A Facebook spokesperson said on Wednesday that the company "added protections for Facebook's implementation of OpenSSL before this issue was publicly disclosed, and we're continuing to monitor the situation closely."
"We haven't detected any signs of suspicious account activity that would suggest a specific action, but we encourage people to take this opportunity to follow good practices and set up a unique password for your Facebook account that you don't use on other sites," the Facebook spokesperson said.