The OpenSSL Library, a security function used in most encrypted websites, has been discovered to have a bug which the NSA has been using to spy on users in 2/3rds of the websites on the internet. It is able to read the memory of the webserver and leaves no trace. It's been there for about two years. Bad guys can use it to co-opt a site's certificate for "man in the middle" attacks.
Leo advises users employ Lastpass to generate all passwords and change them when needed. It will generate really difficult passwords. But even then, these websites have to plug their security holes. Changing your passwords from time to time can't hurt, though, and LastPass does a great job generating passwords that can't be cracked. The idea of Lastpass is that you'll only have to remember one password: the one for Lastpass itself. It also works across all platforms, even mobile. Leo says that having second factor authentication turned on, when possible, will protect you as well. That way you can be alerted whenever an attempt to change your password is made, and it will not let anyone through without having that second factor of authentication.