A Quick Note About the Cloudflare Leak

As you may have heard, Cloudflare announced this week that a data leak resulted in some private information being cached by search engines. Yes, Thurrott.com utilizes Cloudflare services. But your personal data is safe.

Internally, we’ve spent perhaps a bit too much time discussing this topic and debating various options around communicating what did or did not happen. But perhaps the simplest explanation is already available in the forums, where Tim Speciale addressed a question about the leak.

“Thurrott.com is listed in Phinea’s data dump because we do in fact use CloudFlare,” he explained. “The data dump includes any domain that is using CloudFlare’s DNS (see Disclaimer)”

“Over the past 12 hours we have been thoroughly investigating this bug.Based on our own findings, CloudFlare’s communication with us, and insight from 3rd party experts, we have no reason to believe that Thurrott.com (or any other BWW Media Group Domain) has been compromised.”

A couple of additional points.

Your online personas are important and need to be secured. I’ve coincidentally been writing about this very topic recently, and you may want to (re)read First Steps: Secure Your Online Identity for a refresher on the current thinking.

But your Thurrott.com account has very little in the way of truly personal information associated with it. So even if the site had been compromised as part of this leak, the risks are still low.

Because I am a site administrator, I did change my password yesterday, and so did other people at BWW Media Group. But we collectively decided that forcing everyone to change their passwords when the risk is so low just didn’t make sense. If you feel otherwise, this isn’t a horrible time to change your own password, and to review the security of all of your online accounts.

Thanks!