Recently, security researchers discovered that almost every single WiFi network is vulnerable to breach. Basically, the Key Reinstallation Attack (KRACK) makes it possible for a hacker to act as a ‘man in the middle’ by spoofing a local WiFi hub, so all your WiFi traffic goes through his (or her) computer before going on to the real WiFi hub. The affected WiFi hubs use the WPA2 security protocol.
Normally, you should be protected by using HTTPS (the green padlock SSL certificates) on websites. SSL certificates should encrypt your username and password, making them invisible, but the KRACK vulnerability removes this protection.
Microsoft has already released a patch for its Windows 8 and 10 computers. If you don’t have automatic updates turned on, turn them on now. Google has announced that Android devices won’t be updated until the 6th November. Android users are advised to turn off WiFi until the update is provided. Various other Linux devices will be updated in the near future (check your specific vendor). It is unknown if and how Apple iOS and Mac products are affected; Apple has not released specific information.
In the meantime, it is prudent to avoid using WiFi until you are sure your device has received this patch. For your home and office WiFi router, check with your vendor for patches and updates. It is possible that using a Virtual Private Network (VPN) will keep your data and traffic encrypted, and probably protected. There are many VPNs, and these are available on mobile devices as well. Otherwise, absolutely avoid public WiFi until you see specific information stating it is protected against KRACK. After all, it is in public spaces that man-in-the-middle attacks work best.
More detailed information from Engadget: