This type of news is why I encourage people to enable two-factor authentication on whatever accounts they have that support it:
The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.
All in all, some 318,000 Facebook, 70,000 Gmail, and 22,000 Twitter passwords were part of the heist. All three of these sites allow users to enable one-time passwords for two-factor authentication. Facebook and Gmail both use Google Authenticator, which ties to an application on your phone. The application has a token that generates a new six-digit password every 30 seconds. When you log into either of these sites you will be asked to enter the current six-digit password before you’re allowed access to your account. What makes such a system useful is that you need access to your phone in order to log in; having the password alone won’t grant access.
Twitter uses its own system that ties to the Twitter smartphone app. When you attempt to log into your Twitter account, a notification is sent to your phone and you have to authorize the login from there. Once again, it requires your phone in addition to your password to successfully log in.
It’s not always clear when your password has been compromised. Hackers have gained access to user passwords from website databases before. When such breaches are discovered, most websites reset all their users’ passwords. But until the breach is discovered, anybody with the list of passwords can log into the accounts that appear in that list, unless those users have enabled two-factor authentication.