Yes, change your passwords now, especially for the biggies (bank, eBay, credit card, online trading account, anything that can cost you serious money or trouble, or delete important data, or facilitate identity theft). And probably change those passwords often until the dust settles.
This one is big. As an example, the Canada Revenue Agency (equivalent of the IRS in the US) shut down all online access this morning as a precaution. Three weeks before tax returns for the whole country are due.
It's unbelievable, disgusting, and grossly negligent that a gaping hole like this would be "in the wild" for two years.
Previous Topic
Index
