http://www.businessinsider.com/heartbleed-bug-explainer-2014-4
http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/
You can also just google "heart bleed bug" which is becoming a hot topic across the internet very rapidly.
Basically, what happens is the website sends a "heartbeat" test to the client, and if the client is still there, the client responds, but in that there is a vulnerability with most web servers including Apache and Nginx as well as any other server that uses OpenSSL
Discovered by a security researcher at Google, many websites have already fixed the bug, which simply requires updating OpenSSL