Connect with Joseph Steinberg

CyberSecurity

Inc.: Why You Can Ignore Calls to Change Your Passwords After Today’s Serious Password Leak Announcement

Inc.: Why You Can Ignore Calls to Change Your Passwords After Today’s Serious Password Leak Announcement

Published on

A bug in code used by Cloudflare, which provides security and performance services for millions of websites, caused private information, potentially including passwords and personal messages from many websites, to leak. Uber, OkCupid, 1Password, Fitbit, and, yes, JosephSteinberg.com all use Cloudflare. Because of the way the bug caused data to leak (essentially, Web requests to sites protected by Cloudflare occasionally received responses which included extra data), leaks from one site could have occurred when people accessed other sites.

This may sound alarming–and, in fact, many security professionals are telling people to change their passwords for all sites protected by Cloudflare–but I disagree. As I said after the Heartbleed vulnerability when others were calling for mass password changes, unless the impacted provider (in this case, Cloudflare) tells you to change passwords it may be best to do nothing.

To learn why, please see my article in Inc. entitled Why You Can Ignore Calls to Change Your Passwords After Today’s Serious Password Leak Announcement

Continue Reading
Related Topics:
Published on

More in CyberSecurity

 



Hire Joseph Steinberg
To discuss hiring Joseph Steinberg as an expert witness or advisor, please contact him by clicking here.

Cybersecurity for Dummies book CyberSecurity for Dummies is now available at special discounted pricing on Amazon. Give the gift of cybersecurity to a loved one.

POSTS BY CATEGORY

JOIN MY NEWSLETTER

* indicates required