So there has been this huge security hole found in Open SSL which means people could potentially have seen your username and password when you thought it was secure using https.
Tom Scott explains the Heartbleed vulnerability very clearly here
Now there has been lots & lots written about this, I'm adding to that big pile of posts with this, but the question I am asking is, who do we believe?
The BBC report says we should all start resetting passwords meanwhile Guardian Tech are saying hold fire changing your passwords now could make things worse.
I'm somewhere in the middle of the two, if you get information that one of the services you use has updated their version of Open SSL then jump in and change your password, if they haven't keep an eye out for announcements and hold off until they have patched there severs to make them secure.
If you want to test any sites that you use to see if they are vunerable or have been fixed you could try this online tool http://filippo.io/Heartbleed/ or one of the many others out there.