The Wi-Fi protected setup with which a large majority of new routers ship with enabled by default has a serious flaw opening it up to a brute force attack against the WPS pin. Additional flaws allow for a successful brute force attack in 11,000 attempts. This means the network key of a protected network can be retrieved within hours.
The best course of action right now is to disable WPS if possible. This is not a option on all routers, but the possibility may exist of re-flashing the router’s firmware to a different one such as Open-WRT, DD-WRT, Tomato, etc. to disable it.