Soon after the accounts were posted Thursday, Lulzsec followers started to say, via Twitter, that they had accessed Facebook, Twitter and online gaming accounts. "I am now an level 85 human warrior on mal'ganis server,"

"Got an Xbox Live, Paypal, Facebook, Twitter, YouTube THE WHOLE LOT! J-J-J-J-J-J-JACKPOT," The "idiot had the same password for everything," he later explained.

Others claimed that they'd chatted with friends of the victims or posted obscene photos or messages to their profile pages.

Crowell, a property assessment specialist with the Wisconsin Department of Revenue in Milwaukee, describes herself as a "boring old lady on the Internet." Though she knew better, she reused her passwords, including the one she used at both Amazon and Writerspace.com. "Everyone knows that everyone uses the same password for everything," she said. "You know what you're supposed to do, but do you do it?"

Crowell is right; most people do reuse their passwords, said E.J. Hilbert, a former U.S. Federal Bureau of Investigation agent who is now president of fraud investigation company Online Intelligence. It's a bad habit that needs to change. "You need to use different passwords for different sites. Period. Across the board," he said.