Richard Nieva in a cnet article, 'Heartbleed Bug: What you need to know (FAQ)' advises that passwords should be changed, with the proviso
'... BUT wait until you get confirmation from the Web site operator that the bug has been patched. It's a natural reaction to want to change all of your passwords immediately, but if the Web site's bug has not been fixed yet, making the change could be useless -- you're just potentially giving an attacker your new password.'
Find Cnet's list of sites that have patched the vulnerability HERE
Many other sites also offer helpful information about the Heartbleed bug. Mashable information and advice can be found in the piece 'How to protect yourself from the Heartbleed bug' CLICK HERE.
NB. Bathurst (NSW) Catholic Education systemic school staff, your Google email accounts, etc are OK - ICT person of Bathurst CEO advised/confirmed today.