Yay for password managers! Switching from one gibberish password to another takes like 2 seconds per site luckily. I'm switching everything just to be safe. After it is confirmed that the bug is fixed on a given site of course.
I'm guessing if you use two stage authentication that would at least stop anyone using an account even if they have the password?
Yes, as long as they don't have access to the other form of authentication. For stuff like Blizzard's 2-factor, where you have a mobile phone app for the second factor, or Google, where they text you the information for the second factor, you are good. But for stuff like Steam, where they simply email you the second key, it is a bit less secure if your email is compromised. If your email is not compromised then you are fine.