The Heartbleed bug allows an attacker to exploit the heartbeat functionality of a widely used cryptographic library called OpenSSL. The flaw in the software can be exploited by sending a malformed heartbeat request to a vulnerable server. The server responds with random 64 kilobyte blocks of data from the server's memory that may be completely useless to the attacker — or it may contain individual user names and passwords, security certificates, cryptography keys, and other sensitive data.
There are several tools available on the internet that will scan a website to determine if it contains the Heartbleed flaw--Here is one example. Bad actors use scanning tools to scan thousands of IP addresses looking for this flaw and if they find it they will exploit the bug.
More on Heartbleed here.