Pretty sure Mysidia doesn't use SSL.
In all honesty, it doesn't matter if you change your passwords. If they've got your details, they've got your details.
Where you live, your date of birth, credit cards. Everything they need to rack up bills in your name, or any other kind of fraud and hacking. It's too late. If they have it, they have it. Changing your password isn't going to save you really.
Not when they can call up the company, put in a complaint and give all your information, pretending to be you... In Australia, all you need to confirm your identity on the phone is Full Name, Date of Birth, Address, and Phone number.
So.. internets is screwed no matter what XD
The problem now is that the people who have the information now have to be careful, because it's gotten loose how they've gotten it. So if they use it, it should be easier to track them done. Once the patch was released, and the bug was brought to life, I think all the information they now have becomes pretty useless.