
Has any of you heard about Krack Attack yet?

It basically says that a huge wifi exploit has been found, and that no matter the wifi company, the complexity of your passwords or the operating system you use, you're practically defenseless if a hacker was interested in you.
Faust76 · 46-50, M Best Comment
People are both pooh-poohing it too much, and hyping it too much. Almost all web-traffic (HTTPS, SSH logins etc.) is already independently encrypted, so "defenseless" is a bit strong way to put it.

But if you DO use unencrypted protocols, like some Windows file-share protocols or intranet without HTTPS/SSL security, this could be a big deal. So yes, some corporate intranets using WLAN might be badly affected.

Also, even if your hacker can't see what you're transferring, they might make some meaningful inferences if your traffic is going to pornhub.com for example. (Not that it would be any surprise in most cases!;)
Dan193 · 31-35, M
@ForkBoy Thank you for the info.
Faust76 · 46-50, M
Game accounts probably aren't high risk for most people, and if games have been using plaintext passwords now, they're both woefully out of date and already vulnerable since everything's basically out in the open on the Internet. (Or in other words, people at LAN-parties, school networks etc. etc. could already steal them). Phone apps mostly use HTTPS, though of course there's sure to be some exceptions and it's impossible to vouch for everything.

I think the prevalence of open access points, weak WLAN encryption and LANs in general being unencrypted means that most things that are affected could have been hacked already without this exploit (or these exploits). As I understand patching the computers won't help, because you will need to also patch the access points, which in most cases are never going to be patched, though I didn't read yet whether they've figured a way around that (Like actively monitor for the exploit? Prevent the protocol features at all?).
Faust76 · 46-50, M
@ForkBoy But *only* things that are being sent unencrypted in itself. Since you could already sniff wired LANs and old and unencrypted wireless access points, those things would already have been widely readable; most protocols use their own encryption. That's what the "https" part on the URL of almost every web-site means for example.

But yes, it's potentially bad since some corporate (and home) intranets may have assumed they can safely send data unencrypted over WLAN, and since it's wireless people can just drive by scanning for them. Most Internet websites, games and apps likely are safe from this though, because if they were sending passwords unencrypted, they'd already have been sniffed when people connected to a coffee shop access point or school/LAN-party (Not that just that DOESN'T happen, but programmers have been getting a lot smarter about it over the years).
