Hugh Boyes, cyber security lead at the UK-based Institution of Engineering and Technology said: "Change your passwords — but only after the affected website operators and internet service providers have implemented the patch to fix the bug.
"Changing your password before the bug is fixed could compromise your new password."
The popular blogging website Tumblr, which is owned by Yahoo!, had previously urged its users to change all their passwords, especially those protecting sensitive data like email and bank accounts, immediately.
Independent security expert Bruce Schneier has also called for calm, but emphasised the seriousness of the web security breach.
"'Catastrophic' is the right word. On the scale of 1 to 10, this is an 11."
The Heartbleed bug was discovered on Monday by a team of security experts, including one from Google, having gone undetected for more than two years.
The bug bypasses the encryption that normally protects data as it is sent between computers and servers, leaving personal and sensitive data vulnerable. It is commonly recognised as the closed padlock that appears in the corner of the web browser to show your connection is secure.