The Heartbleed vulnerability has been around for two years and it's uncertain if cybercriminals have exploited it during this time frame. Now that the news is out, it's very likely that malicious actors have attempted to harvest your personal information.
Consequently, companies are advising their customers to change their passwords in case their accounts have been access by cybercriminals. If you still don't know what Heartbleed is, well, it's a vulnerability in OpenSSL that can be exploited by an attacker by sending malicious "heartbeat" requests to obtain information on the targeted server. If successful, the leaked information can contain encryption keys, usernames, passwords, etc.
"This might be a good day to call in sick and take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking, which may have been compromised by this bug," stated a representative from Tumblr.
On April 8, 2014, a list of the vulnerable top 10,000 Alexa websites was published on GitHub. However, many of them listed may have resolved the issue.