By now you've probably heard about the massive Heartbleed security bug that may have compromised the majority of the world's web sites. Everyone should change their passwords on the affected sites—but only after those sites have patched the issue. Mashable is maintaining and updating a list of the most popular sites you should change your passwords for ASAP.
LastPass users have a built-in Heartbleed checker for their accounts, but that doesn't help those of us who don't use LastPass or even new LastPass users. (I imported over 800 accounts into LastPass yesterday and this morning and was told I didn't need to take any action, probably because the tool saw all my passwords as new.)
Mashable reached out to the major email, social, finance, and other sites on the web to create this chart showing which sites have been affected, if they've patched it, and if the sites recommend you change your password now.
So you can see at a glance that you should change your Facebook password, but not necessarily your Microsoft one. Google, interestingly, says they patched its services and you don't "need" to change your password, but you probably should (better safe than sorry).
You'll probably want to keep monitoring the Mashable list for those companies (like Apple) who haven't responded yet, and your email inbox for notices from companies that aren't on the list.
Happy change your passwords week.
Update: This list unfortunately doesn't specify if the companies have revoked and reissued their security certificates, which is important for the utmost precaution for them to do before you change your passwords. Most of the companies' statements say they've patched the issue or applied the appropriate fixes, but the certificate status is unclear. So even if the sites are saying everything's fixed, it's better to wait until you know for sure if the certificates have been updated. If you're a LastPass user, they have that data or you can check sites individually at https://lastpass.com/heartbleed/(and it looks like LastPass is starting to roll out info for new users, but it's very incomplete as of this writing). For further reading, see Troy Hunt's post or this one from 1Password.
The Heartbleed Hit List: The Passwords You Need to Change Right Now | Mashable