Yes, and it was vulnerable before the announcement broke (I heard about the bug right when the CVE was posted). At that time as there was no patch for the flaw available, I had disabled SSL. Once I get some free time (I'm in the middle of finals right now) I will be generating new certificates for the site and invalidating everyone's passwords.
You should be changing your password on every site, but not until after they've confirmed they've both patched the flaw AND made new SSL certificates (the things your browser checks when creating a secure connection).
