Is Thurrott.com affected by Cloudflare’s leak?

6

do we need to change our passwords? Thurrott.com is one of the sites that show up in the list of potentially affected cloudflare sites that can be downloaded from here.

#cloudbleed

Comments (6)

6 responses to “Is Thurrott.com affected by Cloudflare’s leak?”

  1. adityanag

    I changed mine, just to be on the safe side. It helps that I use a password manager (KeePass), so my Thurrot.com password is only ever used here.

    • Tim

      In reply to adityanag:

      I use LastPass.com personally. I personally know probably 3 of my 100 or so passwords. The rest of them are very complex and unique. These platforms are not immune to security breaches themselves and your master password is an obvious risk (2FA helps here) but I think it's a great way to ensure your stuff is secure.

      • simont

        In reply to Tim:

        LastPass isn't prompting to change my password for Thurrott.com so I am guessing its relatively safe.

      • adityanag

        In reply to Tim:

        Yeah, my wife uses LastPass - I prefer KeePass cause I don't like the idea of sending my password DB to the cloud. I control syncing myself, using the sync features on my NAS. It can be finicky, which is why my wife prefers LastPass :)

  2. Brad Sams

    We are currently looking into this, I'll wait for our lead Dev to chime in with his reccomendation.

  3. Tim

    Thurrott.com is listed in Phinea's data dump (https://github.com/pirate/sites-using-cloudflare/blob/master/README.md) because we do in fact use CloudFlare. The data dump includes any domain that is using CloudFlare's DNS (see Disclaimer)

    Over the past 12 hours we have been thoroughly investigating this bug. Based on our own findings, CloudFlare's communication with us, and insight from 3rd party experts, we have no reason to believe that Thurrott.com (or any other BWW Media Group Domain) has been compromised.