Since I am not a techie type, maybe you guys can help. Are the numbers of accounts listed simply estimated or do they know which ones were hit? If they know which accounts were affected, is it common to notify those accounts to change passwords? Otherwise, if it is just an estimate and know one knows what the hackers got, then everyone should change passwords anyway, right?