Heartbleed and Heartbeat? Give Me Some English, Please
First, a quick overview of heartbeat. In simple terms, it's a bit of code in OpenSSL that keeps your SSL/TLS session with a server alive instead of letting it time out and forcing you to start over. SSL and TLS are the protocols that secure the connections between your computer and the servers that host websites and email.
Now, a little about heartbleed. There's a flaw in OpenSSL's heartbeat feature that hands over information stored in memory when it shouldn't. Hackers can send a server a heartbeat request that claims to carry more data than it actually does, and the server responds by handing back whatever happens to be in its memory, up to 64K at a time. Send enough malformed requests, and eventually you'll have enough data to piece together the encryption keys the server uses for all of its encrypted communication.
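To make the mechanism concrete, here is an added example (not code from the article, and not OpenSSL's own code) that models a heartbeat record in a small simulated block of server memory. It assumes a simplified encoding of the message from RFC 6520 (one type byte, a two-byte payload length, the payload, then 16 bytes of padding), a constructed placeholder secret sitting in memory right after the request, and hypothetical handler names. The vulnerable handler trusts the length field and copies that many bytes; the fixed handler mirrors the 1.0.1g check (drop the record unless 1 + 2 + payload_length + 16 fits inside it); and a detection helper flags the mismatch the way a network sensor can.

```python
from typing import Optional

HB_REQUEST = 1
HB_RESPONSE = 2
PADDING_LEN = 16  # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(payload: bytes, claimed_len: Optional[int] = None) -> bytes:
    """Encode type(1) | payload_length(2) | payload | padding(16).

    claimed_len lets the length field disagree with the payload actually sent,
    which is exactly the malformed request the article describes.
    """
    if claimed_len is None:
        claimed_len = len(payload)
    return (bytes([HB_REQUEST]) + claimed_len.to_bytes(2, "big")
            + payload + b"\x00" * PADDING_LEN)


def parse_heartbeat(record: bytes):
    """Return (type, claimed payload length, payload bytes actually present)."""
    hb_type = record[0]
    claimed = int.from_bytes(record[1:3], "big")
    actual = max(len(record) - 1 - 2 - PADDING_LEN, 0)
    return hb_type, claimed, actual


def flag_record(record: bytes) -> bool:
    """Detection check: a heartbeat whose length field exceeds what it carries."""
    _, claimed, actual = parse_heartbeat(record)
    return claimed > actual


def vulnerable_handler(memory: bytes, offset: int, record_len: int) -> bytes:
    """Pre-1.0.1g behaviour: copy `claimed` bytes starting at the payload,
    reading past the record into whatever sits next in simulated memory."""
    record = memory[offset:offset + record_len]
    _, claimed, _ = parse_heartbeat(record)
    start = offset + 3
    payload = memory[start:start + claimed]  # over-read when claimed > actual
    return (bytes([HB_RESPONSE]) + claimed.to_bytes(2, "big")
            + payload + b"\x00" * PADDING_LEN)


def fixed_handler(memory: bytes, offset: int, record_len: int) -> Optional[bytes]:
    """1.0.1g behaviour: silently discard unless the claimed payload fits."""
    if 1 + 2 + PADDING_LEN > record_len:
        return None  # too short to even hold an empty heartbeat
    record = memory[offset:offset + record_len]
    _, claimed, _ = parse_heartbeat(record)
    if 1 + 2 + claimed + PADDING_LEN > record_len:
        return None  # length field lies: drop it instead of over-reading
    payload = record[3:3 + claimed]
    return (bytes([HB_RESPONSE]) + claimed.to_bytes(2, "big")
            + payload + b"\x00" * PADDING_LEN)


# Constructed placeholder: stands in for key material left in process memory.
SECRET = b"-----BEGIN RSA PRIVATE KEY----- (constructed placeholder)"


def demo():
    """Run an honest and a lying request through both handlers."""
    honest = build_heartbeat(b"ping")
    lying = build_heartbeat(b"ping", claimed_len=64)
    leaky = vulnerable_handler(lying + SECRET, 0, len(lying))
    return {
        "honest_flagged": flag_record(honest),
        "lying_flagged": flag_record(lying),
        "vulnerable_leaks_secret": b"PRIVATE KEY" in leaky,
        "fixed_drops_lying": fixed_handler(lying + SECRET, 0, len(lying)) is None,
        "fixed_answers_honest": fixed_handler(honest + SECRET, 0, len(honest)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The whole bug is the absence of one comparison: the vulnerable path never asks whether the two-byte length field agrees with the bytes it received, so the same flag_record test that catches the leak on the wire is the test the fixed handler performs before copying anything.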
Those encryption keys are essentially the keys to the kingdom. Hackers don't have to gain further access to the server to steal data; instead, they simply need to listen in on the data passing between users and the server, and then use the keys they stole to decrypt whatever is in the secure connection.