The Heartbleed vulnerability was discovered on April 7th, 2014 and is the biggest security flaw ever seen by internet users. Websites ranging from Google to major banks were all vulnerable to this exploit since 2011.
The best way to insure that your passwords are safe is to wait 10 days during which vulnerable sites will patch their security flaws. Afterwards you should replace all passwords and pin numbers.
Ideally passwords shouldn’t be reused across multiple accounts, because if one password is comprised then a hacker can gain access to everything else using the same credentials.
As more news emerges we will discover which sites were comprised and which weren’t. But because the vulnerability is so large, users should expect all of their online accounts to have been comprised.
This is by far the biggest security flaw to ever be discovered and its consequences around the world are not yet known.
For more tips on how you can protect yourself from Heartbleed see this article.