"Now they can actually capture the cookie that passes along the identity information, and they can hijack your account or anybody that's using Firesheep can hijack your account," says McAfee security expert Joris Evers.
How is this possible? While a website may require a password to log in, many don't encrypt subsequent transmissions. That creates a security gap.
One customer we spoke to was logged onto Facebook while studying, but wasn't too concerned.
"It's mainly just like a social network for me," says Campbell resident Irina Moiseyeva. "I only use it to kind of catch up with people every so often, but it's not like I'm saying, 'Oh, here's my Social Security number.'"
Firesheep was created by two Seattle programmers trying to wave a red warning flag.
"I wrote Firesheep because I was tired of having to deal with websites that were ignoring this problem of user privacy," says software programmer Eric Butler.
At the same time, their free application has been downloaded 800,000 times, empowering people to become identity thieves.
"The people who really need to watch this video are Facebook, and they need to realize they're the ones that make this possible," says Butler.
ABC7 contacted Facebook, but we have not heard back from them.
Firesheep also sniffs for account data for Twitter and 22 other popular websites.
"It brings to the forefront the risk of the public WiFi networks with unencrypted traffic, but also the fact that these websites, like the social networking sites you mentioned, don't encrypt their traffic throughout," says Evers.
Something to think about.
"I feel like privacy is definitely not guaranteed, and it's up to you to be aware of when you're covered and when you're not," says Campbell resident Sarah Schott.