This is what hackers see when they exploit the Heartbleed bug to steal private data, such as passwords and credit card numbers, from vulnerable users, according to malware analyst Mark Loman.

Do not login to Yahoo! The OpenSSL bug #heartbleed allows extraction of usernames and plain passwords! pic.twitter.com/OuF3FM10GP

— Mark Loman (@markloman) April 8, 2014

The bug exploits a flaw in Open SSL software that leaves private information up for grabs on sites that aren't protected.

Read More: 'Heartbleed' Online Bug: How to Protect Yourself

Loman tweeted this photo of what he said was the bug in action earlier this week on Yahoo. The company said it has since fixed the vulnerability.

The code on the left is translated into readable characters on the right side, which can include usernames, passwords and credit card numbers.

The red highlighting in the photo was added by Loman to redact the private information a hacker would see.

The bug was discovered by a team of security engineers at tech company Codenomicon and Neel Mehta of Google Security and has left an estimated half-million websites vulnerable.

Adam Levin, co-founder and chairman of IDentity Theft 911, told ABC News users should find out what a site is doing to get protected.

"Once the problem is solved, then change your password - make each new password unique and hard to crack," Levin said. "With any type of exposure, be extra careful of cyber thieves that look to harp on news to take advantage of consumers. Be cautious of shared links and news about the bug."

ABC News' Susanna Kim contributed to this report.