A vulnerability in the common WPA2 Wi-Fi security protocol means practically every device that connects to a router (which is just about all of them) can be exploited to reveal access to credit card information, passwords and more. The Key Reinstallation Attacks (Krack Attacks) allow anyone in physical proximity to gain access. A flavor of Linux and devices using Android 6.0 and up are especially vulnerable. 

Changing the password won't do any good, the devices themselves need to be updated, so if you are using old technology you may be out of luck. The groups with most to lose will be corporations so they are likely to be updating.

How do they do it? When hackers find a network with the vulnerability, they make a clone, impersonate the MAC address and then change the Wi-Fi channel. Now devices don't realize they are using the "fake" router. Because it copies the whole router, hackers can't see passwords, but they can see data, like credit cards. Visiting HTTPS rather than HTTP sites will likely be okay, according to Engadget. There is also a detailed FAQ, courtesy of Aruba. 

Hank Campbell is the President of the American Council on Science and Health, a pro-science consumer advocacy non-profit founded in 1978, and founded Science 2.0 in 2006. He did not receive any funding from Big Bluetooth or anyone else to write this article.