According to a report released Dec. 3rd by cybersecurity firm Trustwave, over two million passwords have been stolen, compromising accounts at Facebook, Gmail, Twitter, Yahoo, ADP and more.

How did this happen? Unknown hackers installed key-logging software in computers around the world. This virus captured log-in info for key websites and sent the usernames and passwords to a server controlled by the hackers.

Want to know whether your computer is infected? Just searching programs and files won’t be enough, because the virus running in the background is hidden. Your best bet is to update your antivirus software and download the latest patches for Internet browsers, Adobe, and Java.

Once you do that, change your passwords – this ensures that no one else will have access to your online accounts.