Over 300,000 servers out of the original 600,000 that were vulnerable to Heartbleed are still unpatched, two months after the nasty vulnerability in OpenSSL was discovered by a Google engineer.
The numbers were announced by security researcher Robert David Graham, who found that although half of the 600,000 servers were patched within a month of Heartbleed's discovery, only about 9,000 more were patched in the last month.
It's safe to assume that most of the bigger sites have been patched. But the fact that more than half the servers haven't bothered to implement the fix should give you cause for concern. Heartbleed, after all, was little more than a dumb coding mistake, yet one that hackers could easily exploit to access all sorts of sensitive information from websites, like usernames, passwords, encryption keys and more.
Moral of the story: even if you changed your passwords, you might still be unsafe. [The Verge]