It is confusing about what one should do to in reaction to the Heartbleed vulnerability. Most articles I've read are telling people to change their passwords, but there is a problem with that if the web site with which you are changing passwords has not made the necessary changes first. If the site's SSL configuration is still compromised your password changes could just be captured. What I am doing is checking the site first using the Qualys SSL Labs - Projects / SSL Server Test.
IFTTT is the first web app/service that I use that sent me an email about the Heartbleed security vulnerability. I've contacted some key sites, like my banking sites to see what they plan to do, so far I have heard back from one.
There is a bag that has Cadbury Creme Eggs in the house. EOM