http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/index.html?hpt=hp_t3
From the above link:
Websites are racing to patch the Heartbleed bug, the worst security hole the Internet has ever seen.
As sites fix the bug on their end, it’s time for you to change your passwords. The Heartbleed bug allowed information leaks from a key safety feature that is supposed to keep your online communication private — email, banking, shopping, and passwords.
Don’t change all your passwords yet, though. If a company hasn’t yet updated its site, you still can’t connect safely. A new password would be compromised too.
Thanks. I took care of my YT, Google, GMail and Yahoo, on the “now” list; the others on that one list I don’t bother with. For the “don’t bother” list, I’ll probably change those too, this weekend, just to be sure.