Yes, you should be changing your passwords. Yes, all of them. Literally, all of them.
The why is a vulnerability referred to as Heartbleed.
You can read specifics at that link, but knowing that not all of my readers are especially technical, I’m going to dumb it down to the lowest reasonable level.
Across the internet there are a lot of common bits and pieces of software that get used on most, if not all, sites. One of these pieces of software is called OpenSSL, and that stuff is like everywhere. OpenSSL is a good thing, as it’s allowed a vast sea of websites to use encryption to secure your data. If you’re sending your password over to your bank’s website, that needs to be encrypted or else someone could snoop on it and have your info. When it’s encrypted with OpenSSL (or other protocols, OpenSSL isn’t the only one, just the most common), anyone snooping just sees garbage.
But a vulnerability was just discovered in OpenSSL. It’s been there since late 2011. It’s being called Heartbleed (all the most important vulns get cool names), and what it means is that not only are people able to get the codes to be able to read your encrypted shit, but that it’s very nearly undetectable, and has been since… well, 2011. So any passwords you’ve used online in that time have probably been vulnerable to this attack.
Has it been used? Uncertain. We haven’t seen any uses of this outside of testing, but then, part of this issue is that it’s very, very hard to see. So, change your passwords.
And is it really that widespread? Yes. Something between 66% and 80% of the internet would be using OpenSSL. Your bank, your Facebook, your Twitter, etc. And if you use the same password on one of those that you might use on another account? You bet your ass they’re going to try it. It’s what I do.
Now, if you need help with all your damn passwords, there are several tools out there. I use, and strongly recommend, KeePass. It can generate passwords for you and keep all your shit contained in one vault that lives on your PC (BACK THAT UP REGULARLY). If you don’t like it you can probably just hit up Google for “password manager” and find loads.
So, once again, I offer my advice in big bold letters.
CHANGE. ALL. YOUR. PASSWORDS. I don’t care how much of a pain in the ass it is. YOUR SHIT IS IN REAL DANGER.