Blizzard and Battle.net security was *not* affected by the world-shaking Heartbleed OpenSSL security failure, but Blizzard suggests you change your Battle.net password if you use the same password for any of the millions of sites that were compromised.
We want to emphasize that Battle.net’s encryption was not affected by this vulnerability. However, if you use the same password on Battle.net that you use elsewhere, your Battle.net account could be at risk if those sites were affected by this bug.
If the above situation applies to you, we recommend changing your Battle.net password to a new, unique password. As always, we recommend that you maintain separate login credentials for each online service you use. Using the same email or password across multiple services greatly increases the potential impact of any compromise.
More information about the Heartbleed vulnerability can be found at http://heartbleed.com, and you can find additional information on how to protect your Battle.net accounts at http://www.battle.net/security.
If you’re wondering which sites were affected by this, the answer is damn near “all of them.” Not Battle.net, but passwords should be changed for Facebook, Twitter, Pinterest, Yahoo, Google and Gmail, etc. Mashable has a nice rundown of the major sites that were hit, or not, and IncGamers has a good “what now?” article to talk you through the stages of grief.