The list goes on and it generally includes all services run by those vendors. You'll probably receive an email from your various service providers if you need to change your password, but it's important not to change your password until after they've patched the Heartbleed flaw. Also watch out for Heartbleed-related phishing attacks, with hackers sending out fake password reset requests in order to trick you.

If you've reused passwords then you might need to change passwords for services which aren't affected by Heartbleed. For example, PayPal isn't susceptible to Heartbleed, but Netflix is. If you use the same email address and password for both Netflix and PayPal, someone who obtains your Netflix account details might check to see if that password also works with your PayPal account.

Don't think that two-factor authentication will keep you safe, because there's a chance that hackers may have extracted your seed code as well, which means they can generate one-time codes for your accounts. You still need to change your passwords, as well as the one-time passwords created for services and devices which don't accept two-factor authentication – something you've probably done if you use Google's two-factor system.

It's likely that services using two-factor authentication will also change your seed code, but as an extra precaution it's worth disabling and re-enabling two-factor protection and re-authorising all your trusted devices.

Heartbleed has caused plenty of chaos and changing practically all of your passwords is a major pain, but it actually offers a rare opportunity to totally rethink your password strategy. If some of your passwords were devised many years ago then they might no longer be considered strong enough to be safe. If you've reused passwords unwisely then now is the chance to repent.