The Heartbleed bug
Here is an article from PC World that covers this topic in layman’s terms
This is a free tool from LastPass that will help you check websites that you log into
If the site uses Open SSL — and has not recently regenerated their certificate — changing your password doesn’t mean anything.
If they have regenerated their SSL cert, then go ahead and change your password (user name too if possible).