Nearly 1 in 5 Internet users say they've had their personal information stolen as a result of online activities, according to a Pew Research Center study.
The research, released Monday, comes as Internet users reel from last week's Heartbleed attack, which affected some of the largest websites in the world, including Facebook, Google and Yahoo.
Iowa State University cybersecurity expert Doug Jacobson said it reminded him of an Internet worm that affected about a third of the Web in 1988.
"We haven't learned anything is my first reaction," he said. "The underlying flaw that was part of Heartbleed was, in essence, the same flaw that caused the Internet worm of 1988."
The Pew survey of 1,002 adults showed 18% of Internet users had their personal information stolen — a jump of 7 percentage points within just six months.
Cybersecurity experts say they aren't surprised.
"Unfortunately, for Americans, the loss of data is becoming a much more common event," said Michael Kaiser, executive director of the National Cyber Security Alliance in Washington. "But the good news is we are starting to see a lot of consumers doing some of the basic stuff" to protect themselves.
The future should improve as security features increase on Internet-connected devices such as smartphones and tablets, he said.
"People don't often think about their phones and the many ways devices connect to the Internet," he said. "But that will grow over time. People have to be aware of how much data is stored on their phones."
Last week, a security firm discovered the Heartbleed bug, one of the largest security flaws ever. It exposed user names and passwords of some of the Internet's most reputable websites to potential thieves.
The discovery sent the biggest names in technology scrambling to close a vulnerability in the security software. Programmers built a "heart beat" function into the program that lets computers communicate with each other to indicate they are still active.
Data breaches and personal information thefts already have been a big topic this year.
Heartbleed comes on the heels of the Target personal information breach, which affected more than 100 million customers during the holiday shopping season.
Pew researchers hope their data help the cause. The information had been scheduled to be released as part of a larger study, but researcher Mary Madden said the organization felt a bit of context would be helpful as the fallout from Heartbleed becomes more clear.
"It is interesting to think about the backdrop of the high-profile data breaches we have seen during the past six months," she said. "People are paying closer attention. At the same time, we see a bunch of reports that cyberattacks are on the rise."
Last year's revelations that the National Security Agency had been spying on citizens using some of the most popular websites persuaded Pew officials to track personal information theft, Madden said.
Alan Grau, who runs a cybersecurity firm in West Des Moines, Iowa, that focuses on embedded software in Internet-connected devices, recommended simple tips like changing passwords frequently and using a password manager.
Even the most basic protections could help consumers avoid the attacks, he said.
"The reality is, cybercriminals are getting more sophisticated and the types of attacks they are developing are becoming more effective," he said. "But it's like the lion hunting the gazelle. They get the slowest one. The people who provide the least resistance will likely get caught."
4 tips to stay safe online
Michael Kaiser of the National Cyber Security Alliance tells how to keep personal information safe online:
1. Change passwords. Make them long and strong. Use a different password for all major accounts. Not doing so is a major flaw that a consumer can control.
2. Keep a clean machine. Ensure that all devices you have on the Internet are free from malware and infection. That includes operating systems, Web browsers and operating systems on phones. Update your mobile applications often.
3. Delete applications you don't use. You don't know where an infection will come from, and even applications that remain connected to your phone through cloud-based services can be harmful.
4. Make sure you have a high-quality connection to the Internet. Public Wi-Fi is ubiquitous, but it's also very unsafe. If it doesn't require a password to connect, limit what you do in that environment. Be aware of how you connect to the Internet.