Sites that use Cloudflare have been leaking https information. Dreamwidth and Livejournal appear to be unaffected by this as of when I last checked, along with Amazon, Reddit, Yahoo, and Gmail. Quite a few of the sites that used Cloudflare, and that are affected by this, have been listed by a user on Github. Some technical discussion (particularly in the second link) on Reddit can be found here and here. You can find a bit on the mobile iOS apps that were affected here. From everything I have read, if you need to change your passwords, it should be safe to do so.
Edit: Just found a good tool: Does It Use Cloudflare? Just type in a site address, and it will let you know if the site does/did on the date the problem was traced back to; at that point, you'll know if you must change your password at the site with the problem.