There has been a lot of hype about the heartbleed bug. It is a flaw in the OpenSSL service which theoretically allows encryption credentials to be harvested, thereby enabling user passwords to be recovered.
The scare story:
The flaw has been around for a good while and over half the secure services on the Internet use OpenSSL. It has been suggested that a script kiddie of the Raspberry Pi (aka Linux command shell) generation could successfully mount an attack. OMG! All the private information you so jealously guard on Facebook, Twitter et. al. is OUT THERE!!! Even you bank account is as open as if the guard cracked the vault and then went off for a pee!
Setting it in perspective
The flaw was discovered a good while ago and was kept quiet until a polite time after the fix had been made available to the major Internet services - online banking, Amazon and the like. There is no evidence (as yet?) that the flaw has ever been exploited. Client systems as such are not at risk, although the user obviously is. But what is that risk? Your "private" details are mostly out there anyway, yawn, script kiddies got no warning, so the only Black Hats to worry about are organised crime. What have you got that they might want? Cash, online shopping accounts, I can't think of anything else unless you have valuable commercial secrets online or are a Very Important Person with a valuable global presence.
Change the passwords on any accounts that could be used to drain your cash. But don't lose sleep over it, indeed it can be a good idea to wait a short while to give the service provider time to get off their ass and schedule in the fix - some big providers measure such "emergency response times" in weeks or even months. Since you are of course a wise person and change your passwords from time to time anyway, this is no big deal to you - right?
If you have commercial secrets or are a VIP, change the relevant passwords there, too. Best to do it ASAP, then check whether the provider has updated yet. If they haven't, wait until they have then change the password again.
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt