Quote Originally Posted by clodhopper View Post
Since I am not a techie type, maybe you guys can help. Are the numbers of accounts listed simply estimated or do they know which ones were hit? If they know which accounts were affected, is it common to notify those accounts to change passwords? Otherwise, if it is just an estimate and know one knows what the hackers got, then everyone should change passwords anyway, right?
This was not a "hack" per say where they get inside FB or inside Google and take their user lists. This was a keylogger installed as a virus. Passwords were taken off each machine as they were typed in.
The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.
As such there will be no notification because nobody knows exactly what accounts were taken except those that have them.

Generally in the event of a major breach everyone is forced to create a new password.