I suggest you check out the thread running in Tech Outpost here in the Norton Forums.
It is essential not to be premature since if you do change a password on a site that uses the system that has been found defective BEFORE they correct the situation you risk losing your changed password to the malware people.