As you may have heard, late yesterday it was revealed that there was a pretty major bug that was potentially leaking all sorts of sensitive data for some companies that use Cloudflare. The bug is being dubbed “Cloudbleed” as it’s actually quite similar to what happened a few years ago with OpenSSL in what was known as Heartbleed. Cloudflare was alerted to the bug by some Google security researchers and quickly patched the problem — but it had gone on for months, with some sensitive data being indexed by search engines (that’s all been cleaned up too).
At Techdirt, we use some Cloudflare services. It is unclear (and, in fact, unlikely) that any Techdirt data leaked via Cloudbleed. Also, we don’t retain sensitive data from our users. However, in an abundance of caution, we have decided to reset everyone’s passwords. If you have an account on Techdirt (which is not a requirement), you will be logged out, and will be required to go through the password reset process to get back into your account. Yes, this is a bit of a pain for our users, but despite the low likelihood of people here being impacted, we felt it was the right thing to do. Various security researchers have suggested that people change their passwords at other sites as well, and we recommend using a password generator/wallet (some of which will automatically change passwords at many sites upon request) to do so.