Imagine you’re walking out of the front door when you see the postman carrying a bundle of letters. He gives you the top letter because it has your address on it. You then tell him that the next five are yours too. Without checking the addresses on them, he hands you the next five letters as well.
This pretty much describes the action at the core of The Heartbleed Bug. This bug was in the OpenSSL library, which is used for all kinds of encryption, but most noticeably right now: HTTPS, which approximates to “everything secure on the web”.
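The same mistake in miniature, as an added example that is not from the original post and is not OpenSSL's code: a toy responder that hands back as many bytes as the requester claims, next to one that checks the claim first. The buffer contents and function names are made up for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the requester's own 5-byte
 * message sits directly in front of data that belongs to someone else. */
static const char memory[] = "hello" "SECRET-KEY-MATERIAL";
#define REQ_LEN 5 /* bytes the requester really sent */

/* The trusting postman: copies as many bytes as the requester claims,
 * never comparing the claim with what actually arrived. */
size_t echo_trusting(size_t claimed, char *out, size_t cap)
{
    size_t n = claimed < cap ? claimed : cap;
    if (n > sizeof(memory) - 1)
        n = sizeof(memory) - 1; /* keeps this demo itself inside its buffer */
    memcpy(out, memory, n);
    return n;
}

/* The careful postman: a claim larger than what was received is dropped
 * and nothing is handed over. */
size_t echo_checked(size_t claimed, size_t received, char *out, size_t cap)
{
    if (claimed > received || claimed > cap)
        return 0;
    memcpy(out, memory, claimed);
    return claimed;
}

int main(void)
{
    char out[64];
    size_t n;

    /* Requester sent 5 bytes but claims 15. */
    n = echo_trusting(REQ_LEN + 10, out, sizeof out);
    printf("trusting: %zu bytes: %.*s\n", n, (int)n, out);

    n = echo_checked(REQ_LEN + 10, REQ_LEN, out, sizeof out);
    printf("checked (bad claim): %zu bytes\n", n);

    n = echo_checked(REQ_LEN, REQ_LEN, out, sizeof out);
    printf("checked (honest claim): %zu bytes: %.*s\n", n, (int)n, out);
    return 0;
}
```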
If you want to understand it more from an in-depth technical perspective, Troy Hunt has written an excellent and detailed article about the bug. I want to explain things to people who didn’t lose yesterday to testing and patching (or, to put it another way, “this is why I was looking sad and went to the pub at lunchtime”).