Most of us know that reusing the same password on multiple websites is a bad idea; here is a very good example of why. Users registered at the website of the popular CMS Typo3 may have had their accounts compromised:
As far as we could find out, an admin password was stolen and used to find out more passwords on typo3.org. At the moment we cannot disclose more, as we are preparing legal actions against various persons.
The best would be to follow the instructions we collected for you. We highly recommend changing your password on all websites where you use the same or a similar password.
Heise reports that registered users have also received a warning that the collected passwords are already being tried on other websites:
The offender had access to website user details including their passwords, and there have been reports of this data being used to access other websites. It also has to be expected that the data may have been disclosed to third parties.
My advice is to generate a random password for every website that requires registration. This sounds inconvenient at first, but in practice all you need is a good password manager. Typo3 recommends KeePass; I personally use 1Password, and there are many others available. This way you only need to remember a single master password, and that one is only ever entered on your own computer. Even if your master password is somehow compromised, at least you have a complete list of the logins and passwords you use, so you can change them all quickly. A leaked password then unlocks exactly one account instead of every site where you reused it.
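To make the "one independent random password per site" idea concrete, here is a small generator, added here as an example and not code from Typo3, Heise, KeePass or 1Password. It draws characters from the operating system's CSPRNG via Python's secrets module (never the random module, whose output is predictable) and reports the resulting entropy so you can check that a chosen length is adequate. The site list is constructed for the example; the character set is an assumption that you may need to trim for sites with restrictive password rules.

```python
import math
import secrets
import string

# Assumed alphabet: letters, digits and punctuation that most sites accept.
# Trim it per site if a site rejects some symbols; the entropy check below
# tells you how much a smaller alphabet costs.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return `length` characters chosen uniformly from `alphabet`.

    secrets.choice uses the OS CSPRNG; random.choice would be predictable
    from a handful of leaked outputs, which is exactly what we must avoid.
    """
    if length < 1:
        raise ValueError("length must be positive")
    if len(set(alphabet)) < 2:
        raise ValueError("alphabet must contain at least two distinct characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate_for_sites(sites, length: int = 20) -> dict:
    """One independent password per site, so a leak at one site (as at
    typo3.org) reveals nothing about the passwords used elsewhere."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Constructed sample: a few site names, not real accounts.
    sample_sites = ["typo3.org", "example.com", "example.net"]
    for site, pw in generate_for_sites(sample_sites).items():
        print(f"{site:12s} {pw}")
    print(f"{entropy_bits(20, len(ALPHABET)):.1f} bits per 20-character password")
```

A 20-character password from this 75-character alphabet carries roughly 125 bits of entropy, far beyond what offline guessing can cover; the point of the manager is that nothing of that strength has to be memorised or typed into someone else's site more than once.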