Hi all,
The direct problem on the server has now been addressed through an upgrade of openssl and a re-issue of the ssl certificates for the server. If you have an account on the store, you may wish to change your password now.
Like everyone else, we can and have addressed the vulnerability of the server going forward but it is impossible to know who, if anyone, was compromised as a result of this bug.
For your interactions elsewhere, here is a list of websites that you may wish to considering changing your password on
As security expert, Bruce Schneier has said, on a scale of 1-10 for security breaches, this is an 11.
Lastly, a little xkcd to cheer you up.
Regards... Steve