Mariano Amartino, from the blog Denken Über [1] [es], explains on a detailed and graphic post the OpenSSL software vulnerability known as Heartbleed [2] and notes that:
Speaking clearly, the ONLY way of fixing this problem is that vulnerable sites (more than tens of thousands) carry out an OpenSSL update and issue their security certificates again.
What does this mean for me? Basically, that even though you change the password, if the certificate hasn't been updated, it is still vulnerable (you can check site by site using this Heartbleed vulnerability tool [3] on Lastpass) and by using the same password, almost all your online presence is compromised :)