I've received about half a dozen emails regarding heartbeat fixes, most from services I've rarely used.
People should change their passwords of all used sites. 2/3 of all Internet is affected, so do not wait for the warning e-mails from the services you use. They could never arrive. Just go and do it. Remember, focus first on what is most important for you, like bank accounts, e-mails and notebook-sites alike. The chances you, as an individual, being affected is low but why risk?
True - also remember that if you used the same password in a few places, you need to change all of them. That means if you used password 123456 on a random forum 4 years ago, and also use 123456 as your password for banking, you're still potentially screwed. I'm waiting a couple more days and redoing them all. I just did this 3 months ago. What a pain in the ass.
I have a metric ArseTon (SI Units) of pass phrases for a bastardardy of sites collected in the last few years. Like kleinbl00 I run my own mailserver alongside Google hosted stuff and at last count I have upwards of 400 separate email addresses for 400 separate sites/services. This could be a the moment to bite the bullet and move as much as I can over to 2-factor auth, at least for the large entities like Google and anything else which will let me.