Due to heartbleed all SSL certificate vendors are sending out emails similar to the one below offering Free reissues of certificates.
The likelihood of certificate data being stolen is relatively low, and using that data for a malicious purpose is even lower. It is of course a risk though. Here’s a very technical article from Cloudflare on some of the intricacies of trying to steal keys from memory.
They’ve even launched a challenge for people to show they successfully stole a private key.
Now, a much greater risk is that user credentials were stolen from memory, such as if a website uses authentication of some sort for protected content. Or cookie and session data was stolen, that allows someone to remain logged in to a protected website; Facebook being a great example.