You have probably heard about the recently discovered vulnerability (referred to as the Heartbleed bug) within the OpenSSL cryptographic software library, a world wide standard used by most web servers. Learn about Heartbleed vulnerability.
What exactly is Heartbleed vulnerability and why is everybody so worried?
Watch the below video made by Zulfikar Ramzan, CTO of cloud security company Elastica.
To sum up, the OpenSSL protocol that secures a lot of websites can be tricked to provide data (personal info, credit card info, passwords, encryption keys) that should otherwise not be accessible. Further, if a hacker gets the encryption keys of a certain site he/she would be able, at least in theory, to access all the secured info passed to that site. Just imagine what would that mean if the target is a popular shopping site.
Should I change my passwords?
Back to the subject title: should you change your passwords and, more specific, the password to your VPN account or password used to secure the VPN connections.
As far as I understand, the chances that your passwords be compromised are slim, but “better safe than sorry”. It is possible that your VPN provider uses OpenSSL to secure its connections and at some point a hacker might had access to certain private data including your password. As I said, it is not very likely, but your should change the password or passwords anyway. In case you have distinct passwords for the Client Area and the VPN connection you should change them both.