I had been on the phone 2 days ago with Barclaycard because their site was vulnerable to the bug, but they had not done anything, not even put a note on the site to notify users to change their password (now they have).
Well, this morning I got a call from them, they detected 2 fraudulent charges on my credit card. The big one (a flight with a Brazilian airline) didn't go through at all, so luckily nothing really happened.
Keep an eye on your money for the next few weeks, folks!