The breaking news on Monday, April 7 was a huge wakeup call. Jim Hamm's gives some help here about places affected by Heartbleed vulnerability.
Apple was not affected, and you do not need to change your password.
Last Pass lets you enter the name of the site you want to check.
Mashable published this list and gives comments on each of these entities:
Social networks: Facebook, Instagram LinkedIn, Pinterest, Tumblr, Twitter.
Other companies: Apple, Amazon, Google, Microsoft, Yahoo.
Email: AOL. Gmail, Hotmail/Outlook, Yahoo Mail.
Stores and Commerce: Amazon, Amazon Web Services, eBay. Etsy, GoDaddy, Groupon, Nordstrom, PayPal, Target, Walmart.
Videos, Photos, Games & Entertainment: Flickr, Hulu, Minecraft, Netflix, SoundCloud, YouTube.
Financial: American Express, Bank of America, Barclays, Capital One, Chase, Citigroup, E*Trade, Fidelity, PNC, Schwab, Scottrade, TD Ameritrade, TD Bank, T Rowe Price, U.S. Bank, Vanguard, Wells Fargo.
Government and Taxes: 1040.com, FileYourTaxes.com, H & R Block, Healthcare.gov, Intuit (TurboTax), IRS, TaxACT, USAA
Other: Box, Dropbox, Evernote, GitHub, IFTTT, OKCupid, Spark Networks (JDate, Christian Mingle), SpiderOak, Wikipedia (if you have an account), Wordpress, Wunderlist.
Password Managers: 1Password, Dashlane, LastPass