It was only two years ago that shoppers during the Black Friday madness received an unwelcome gift: their personal details and credit card information were stolen by hackers in what was then one of the largest known retail data breaches.

Now, just in time for the busiest shopping week of the year, one of the world’s largest online retailers has some equally unwelcome news: some of its customers’ passwords may be in jeopardy.

Amazon reached out to affected customers this week with the information, letting them know that their passwords may have been improperly stored or transmitted in a way that could open them up to outsiders. While there’s no known link yet between this password exposure and any hacking activity, Amazon conducted a “forced reset” of those passwords. Even if you didn’t receive a notification from Amazon, it’s recommended that you change your account passwords immediately.

Besides the obvious fear of hacking and data loss, there are some other valid fears associated with this kind of issue. First, there’s a real threat that scammers will swoop in with their own emails in an attempt to imitate this incident; if you receive an email that even looks as though it’s from Amazon, informing you that your account may have been compromised in some way and offering you a link to reset your password, ignore the link and handle it yourself. By going directly to the retailer’s website on your own and changing your password there, instead of using a link that arrives in a message, you can avoid any phishing scams that come through your email inbox.

Also, this incident serves as a cautionary reminder of why it’s vital that you take your account passwords seriously. There are some features that “good” passwords have, namely that they’re strong and that they’re unique. A unique password is pretty much what the name implies; you only use it for one account or website. If you use the same password (or even a close variation of it) on multiple websites, you’re potentially handing over your entire web identity to a hacker.

As for being strong, that’s a different matter. A strong password is at least eight characters long, and contains at least one letter, one number, one symbol, and one uppercase character. It’s also not an easily guessed combination, like “Password1!” or your last name.
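The rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it applies the composition rule, then shows why "Password1!" still fails by stripping the decoration (including look-alike substitutions, which goes slightly beyond the text) and by comparing against a user's other passwords. The function names, the small `COMMON_BASES` sample and the 0.8 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample; a real check would use a large list of breached passwords.
COMMON_BASES = {"password", "letmein", "qwerty", "welcome", "amazon"}
LEET = str.maketrans("@0135$7", "aoiesst")  # common look-alike substitutions

def base_word(pw):
    """Reduce a password to the word underneath its decoration."""
    # Drop the leading/trailing digits and symbols added to satisfy the rules.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    # Undo look-alike substitutions, then keep letters only.
    return re.sub(r"[^a-z]", "", core.lower().translate(LEET))

def check_password(pw, last_name="", other_passwords=()):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    # Composition rule as stated in the article.
    if len(pw) < 8:
        problems.append("too_short")
    if not any(c.isalpha() for c in pw):
        problems.append("no_letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no_number")
    if not any(not c.isalnum() for c in pw):
        problems.append("no_symbol")
    if not any(c.isupper() for c in pw):
        problems.append("no_uppercase")
    # "Not easily guessed": a common word or the user's last name underneath.
    if base_word(pw) in COMMON_BASES or (last_name and last_name.lower() in pw.lower()):
        problems.append("easily_guessed")
    # "Unique": reject close variations of a password used elsewhere.
    for other in other_passwords:
        if SequenceMatcher(None, pw.lower(), other.lower()).ratio() >= 0.8:  # assumed threshold
            problems.append("reused_variation")
            break
    return problems

if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("Password1!", "P@ssw0rd1!", "Marble-Kettle-29"):
        print(candidate, check_password(candidate, other_passwords=["BlueHeron!42"]))
```

"Password1!" satisfies every composition requirement and is rejected only by the guessability check, which is the gap the paragraph above points out.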

Finally, there’s one last piece of the “good” password puzzle, and that’s the frequency with which you change it. Think of your password as being the key to a highly lucrative lock; the more that a hacker stands to gain from breaking into your account—like your credit card, banking, or major retailer’s account—the more often you should update your password. If you have a strong, unique password on your local library’s website, for example, one that cannot be used to guess other passwords, then the danger from a hacker is less severe. But if you have an account that contains significant and lasting information about you, the more often you change your password, the better off you’ll be.