Connect with Joseph Steinberg

Inc.: Why You Can Ignore Calls to Change Your Passwords After Today’s Serious Password Leak Announcement

A bug in code used by Cloudflare, which provides security and performance services for millions of websites, caused private information, potentially including passwords and personal messages from many websites, to leak. Uber, OkCupid, 1Password, Fitbit, and, yes, JosephSteinberg.com all use Cloudflare. Because of the way the bug caused data to leak (essentially, Web requests to sites protected by Cloudflare occasionally received responses which included extra data), leaks from one site could have occurred when people accessed other sites.

This may sound alarming–and, in fact, many security professionals are telling people to change their passwords for all sites protected by Cloudflare–but I disagree. As I said after the Heartbleed vulnerability when others were calling for mass password changes, unless the impacted provider (in this case, Cloudflare) tells you to change passwords, it may be best to do nothing.

To learn why, please see my article in Inc. entitled "Why You Can Ignore Calls to Change Your Passwords After Today’s Serious Password Leak Announcement."
