There is a nasty bug out right now called the Heartbleed virus that has affected many website including most of the big websites like Facebook and Google. It deals with an opensource technology called OpenSSL and in fact may have been introduced roughly two years ago. It allows the bad guy to potentially see personal info while you are using a presumably secure (https://) website and even use a ‘Man-in’the-middle’ attack allowing them to set up a site that looks like Facebook but is really a fake Facebook site that garbs your info while directing you on to the real site. But don’t worry too much as there is no evidence of passwords or credit card #’s being compromised but it is always a good idea to change your passwords just in case.
When changing passwords, remember to use unique passwords (preferably random letters and numbers and the longer the better) for different sites, turn on 2-factor authentication and use a password manager to help manage all your passwords (LastPass is a popular choice).
Here are some good links to determine what sites have been compromised and how to turn on 2-factor authentication.