detected suspicious activity but encourages people to set up a new password anyway. google says the search was affected, gmail, youtube, wallet, play and app. google immediately applied patches but you don t have to change your passwords but in their words, better safe than sorry. yahoo! says it was affected but it already patched its search, mail, homepage, finance, flickr and tumblr but still yahoo! recommends changing your password. amazon.com, for customers was not affected but amazon services for web operators was. they patched the flaw but they still recommend web operators for amazon change their passwords. other sights recommending updating password, godaddy, intuit, turbo tax, dropbox. last pass. okay cupid and soundcloud and one der list. notably not affected paypal, linked in, microsoft, aol.