The OpenSSL flaw has not yet been fixes on all servers everywhere, but you should start planning on changing all your password on banking and shopping sites. If you are an individual that uses the same username and password everywhere then change EVERY username and password you use.
Please note that until you know that a site has been fixed, changing your password will still require a change again once that site has been fixed. This means wait a few more days until the server hosts have time deploy the fixes and then make your password changes.