Whenever mainstream media gets ahold of a tech story, you can be sure there will be lots of hype and probably also inaccuracy. The bottom line is that a very serious vulnerability was discovered and made public in the authentication system that SOME websites and services use. It's possible that some sites were attacked, and it's also possible that no sites were attacked but unfortunately there is no way of knowing this.
What hackers would be able to obtain through this exploit is whatever chunk of data was in a server's RAM at a given moment, which may be uselsess data, or it could be the encryption keys to all of their user database.
I don't think there is cause to freak out right now, but it would be prudent to change your passwords on the major sites that were potentially affected. There is a list of sites that were vulnerable as of April 8 from Alexa's top 10,000 sites (NOTE: many of these are NSFW, but it is just a list of URL's), and LastPass has a checker tool where you can enter a site and see if it is vulnerable. Keep in mind that the checker tool will tell you if it's vulnerable NOW, not if it was vulnerable and then fixed.
PLEASE NOTE: The link below was removed February 23rd 2017 because the link is no longer available on GitHub.
You can check out the top 10,000 list on github:
And the LastPass tool here: