After reporting the problems with OpenSSL, which has been nicknamed 'HeartBleed', 2 contributors have forward articles on why you should change your passwords.
I always believed Mojang would keep my details safe, now I realise they are not in control of their own data. Mojang/Minecraft passwords should be changed immediately
The fallout from the Heartbleed bug is hitting the mainstream. The BBC has an article headlined "Public urged to reset all passwords".
Bruce Schneier calls it "catastrophic", giving this advice to sysadmins: "After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected." He also links to a webpage that will let you test servers for the bug, and an article on Ars Technica discussing the bug.
(Score: 2, Interesting) by Horse With Stripes on Thursday April 10 2014, @10:40PM
I got lucky and was spared exposure to the vulnerability. As it turns out I never got around to migrating our production servers to the new servers running the latest version of OpenSSL. Our test servers were vulnerable, but they don't have anything of note on them, and no one was using them for the last week or so. The test servers' certs were self signed, so I upgraded the test servers to a safe version of OpenSSL, reset all the passwords and reissued the certs.
This whole thing is a mess, and I worry about which agencies have what info now from mail servers and other popular websites. I expect a lot of MitM attacks on people whose browsers don't check for revoked certificates.