You need to act - Heartbleed bug
Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet's Transport Layer Security (TLS) protocol. This vulnerability results from a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension, the heartbeat being behind the bug's name. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet's secureweb servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers' private keys and users' session cookies and passwords. (Heartbleed - Wikipedia, the free encyclopedia)

Here is a listed of places that are or were affected by the Heartbleed bug.

If something you use is on the list and their services have been patched you may want to change your password.
If they have not yet patched yet it will do no good to change your password so wait for that service/site to be patched then change password.
For example, Gmail was affected but is now patched so you should probably change your gmail password.

More details are in the following link:
 The Heartbleed Hit List: The Passwords You Need to Change Right Now