A security breach known as "Heartbleed" has put passwords, credit cards and other sensitive data at risk.
Researchers say the problem is with SSL/TLS, that's an encryption technology that uses the small, closed padlock symbol and "https:" on browsers to show web traffic is secure.
The "Heartbleed" breach allows people to view that traffic even if the padlock was closed.
Researchers call the threat serious and are advising people to change all their passwords.
A fix for this issue has just come out but websites and service providers must install the update to protect their customers.
In a statement Tuesday Yahoo Inc. warned its 800 million customers that popular services including sports, finance and Tumblr had been fixed, but work was still being done on other products that it didn't identify.
"We're focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users' data," Yahoo said.
In a Tuesday post announcing it had installed the Heartbleed fix, Tumblr offered its users some blunt advice, according to the Associated Press.
"This still means that the little lock icon [HTTPS] we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," Tumblr said.
"This might be a good day to call in sick and take some time to change your passwords everywhere -- especially your high-security services like email, file storage, and banking, which may have been compromised by this bug."