do we need to change our passwords? Thurrott.com is one of the sites that show up in the list of potentially affected cloudflare sites that can be downloaded from here.
#cloudbleed
Conversation
6 comments
adityanag
24 February, 2017 - 11:49 pm
<p>I changed mine, just to be on the safe side. It helps that I use a password manager (KeePass), so my Thurrot.com password is only ever used here.</p>
<blockquote><em><a href="#77380">In reply to adityanag:</a></em></blockquote><p>I use<a href=" LastPass.com" target="_blank"> LastPass.com</a> personally. I personally know probably 3 of my 100 or so passwords. The rest of them are very complex and unique. These platforms are not <a href="http://www.pcworld.com/article/2936621/the-lastpass-security-breach-what-you-need-to-know-do-and-watch-out-for.html" target="_blank">immune to security breaches</a> themselves and your master password is an obvious risk (2FA helps here) but I think it's a great way to ensure your stuff is secure.</p>
<blockquote><em><a href="#79270">In reply to Tim:</a></em></blockquote><p>LastPass isn't prompting to change my password for Thurrott.com so I am guessing its relatively safe. </p>
<blockquote><em><a href="#79270">In reply to Tim:</a></em></blockquote><blockquote><br></blockquote><p>Yeah, my wife uses LastPass – I prefer KeePass cause I don't like the idea of sending my password DB to the cloud. I control syncing myself, using the sync features on my NAS. It can be finicky, which is why my wife prefers LastPass :)</p>
<p>Thurrott.com is listed in Phinea's data dump (https://github.com/pirate/sites-using-cloudflare/blob/master/README.md) because we do in fact use CloudFlare. The data dump includes any domain that is using CloudFlare's DNS (see <a href="https://github.com/pirate/sites-using-cloudflare/blob/master/README.md#disclaimer" target="_blank">Disclaimer</a>)</p><p>Over the past 12 hours we have been thoroughly investigating this bug. <strong>Based on our own findings, CloudFlare's communication with us, and insight from 3rd party experts, we have no reason to believe that Thurrott.com (or any other BWW Media Group Domain) has been compromised.</strong></p>