Welcome to hacking 101 : "Nothing is secure, just not compromised YET"
"With the exception of the full URL, all other HTTPs traffic remains unaffected by the attack.
Still, in some cases, disclosure of the URL can prove fatal for security. The OpenID standard, for instance, uses URLs to authenticate users to the sites and services that support it. Another example is document sharing services, such as those offered by Google and Dropbox, that work by sending a user a security token that's included in the URL. Many password-reset mechanisms similarly rely on URL-based security tokens. Attackers who obtain such URLs in any of these cases are often able to gain full access to a target's account or data."
http://arstechnica.co.uk/security/2016/07/https-wpad-crypto-exploit-attack/
Standard security practices apply - never trust an open network, configure your devices to respond only to your commands & use a VPN