Upvote Upvoted 29 Downvote Downvoted
Massive Cloudflare data leak - change passwords
posted in Off Topic
1
#1
0 Frags +

EDIT: Forgot to mention that Discord is potentially affected. It's a good idea to change your password there. Reddit may be affected as well.

https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/

List of potentially affected sites: https://github.com/pirate/sites-using-cloudflare

TFTV, ETF2L, UGC and other TF2-related sites are in the zipped list, but since those three sites use Steam for accounts I don't think they're actually affected. Definitely change your passwords on affected sites, and consider using a password manager.

UGC team owner accounts may have been compromised, as they don't use Steam.

ESEA appears to be unaffected.

EDIT: Forgot to mention that Discord is potentially affected. It's a good idea to change your password there. Reddit may be affected as well.

https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/

List of potentially affected sites: https://github.com/pirate/sites-using-cloudflare

TFTV, ETF2L, UGC and other TF2-related sites are in the zipped list, but since those three sites use Steam for accounts I don't think they're actually affected. Definitely change your passwords on affected sites, and consider using a password manager.

UGC team owner accounts may have been compromised, as they don't use Steam.

ESEA appears to be unaffected.
2
#2
3 Frags +

Thanks for the post!

Thanks for the post!
3
#3
18 Frags +

fuck i gotta change my hard sex tube dot com password now

fuck i gotta change my hard sex tube dot com password now
4
#4
0 Frags +

.

.
5
#5
6 Frags +

around 150.000 pages of personal data? That may not be a lot compared to how much there is on the internet but in absolute numbers I'd say that's quite a lot.

around 150.000 pages of personal data? That may not be a lot compared to how much there is on the internet but in absolute numbers I'd say that's quite a lot.
6
#6
1 Frags +

any good pass managers anyone can recommend? been thinking of using one for a while now

any good pass managers anyone can recommend? been thinking of using one for a while now
7
#7
2 Frags +
speedyany good pass managers anyone can recommend? been thinking of using one for a while now

KeePass

[quote=speedy]any good pass managers anyone can recommend? been thinking of using one for a while now[/quote]

KeePass
8
#8
0 Frags +

LastPass is quite popular, but last I checked they still want to charge anually for "premium"

LastPass is quite popular, but last I checked they still want to charge anually for "premium"
9
#9
1 Frags +
Niko_Jimsspeedyany good pass managers anyone can recommend? been thinking of using one for a while now
KeePass

Keepass is sooooo good but write your master password down somewhere you won't forget or else you're fucked.
I neglected to store my masterpass and had to reset a handful of accounts

[quote=Niko_Jims][quote=speedy]any good pass managers anyone can recommend? been thinking of using one for a while now[/quote]

KeePass[/quote]

Keepass is sooooo good but write your master password down somewhere you won't forget or else you're fucked.
I neglected to store my masterpass and had to reset a handful of accounts
10
#10
1 Frags +

I know nothing about this is it possible to have a password manager that works on my phone and multiple PCs?

I know nothing about this is it possible to have a password manager that works on my phone and multiple PCs?
11
#11
0 Frags +
bearodactylI know nothing about this is it possible to have a password manager that works on my phone and multiple PCs?

lastpass does i think but im not sure. keepass may have a mobile app but you'd probably still have to manually handle cloud-syncing of the databases i think

[quote=bearodactyl]I know nothing about this is it possible to have a password manager that works on my phone and multiple PCs?[/quote]

lastpass does i think but im not sure. keepass may have a mobile app but you'd probably still have to manually handle cloud-syncing of the databases i think
12
#12
0 Frags +
bearodactylI know nothing about this is it possible to have a password manager that works on my phone and multiple PCs?

Dashlane premium does that, you get 30 days premium when you signup after that it is $40 a year. If you dont use premium I dont know how the syncing of passwords works. However I prefer just the free one over keepass

[quote=bearodactyl]I know nothing about this is it possible to have a password manager that works on my phone and multiple PCs?[/quote]
Dashlane premium does that, you get 30 days premium when you signup after that it is $40 a year. If you dont use premium I dont know how the syncing of passwords works. However I prefer just the free one over keepass
13
#13
0 Frags +
gemmbearodactylI know nothing about this is it possible to have a password manager that works on my phone and multiple PCs?
lastpass does i think but im not sure. keepass may have a mobile app but you'd probably still have to manually handle cloud-syncing of the databases i think

Yeah. I use KeePass, and I have MiniKeePass on my iPhone. I have my database saved to my Dropbox, and I send it to MiniKeePass every so often.

It's not that hard, and you only need to update the database on your phone when you actually need to use a password you've added or changed.

[quote=gemm][quote=bearodactyl]I know nothing about this is it possible to have a password manager that works on my phone and multiple PCs?[/quote]

lastpass does i think but im not sure. keepass may have a mobile app but you'd probably still have to manually handle cloud-syncing of the databases i think[/quote]
Yeah. I use KeePass, and I have MiniKeePass on my iPhone. I have my database saved to my Dropbox, and I send it to MiniKeePass every so often.

It's not that hard, and you only need to update the database on your phone when you actually need to use a password you've added or changed.
14
#14
5 Frags +

TFTV is fine. It uses one of the features of Cloudflare but not the one related to this attack, on top of having account details done through Steam anyways.

wolsneLastPass is quite popular, but last I checked they still want to charge anually for "premium"

I can vouch for LastPass; I haven't ever paid for it and it's been great. Does what you want, makes it easy to make new passwords and is synced with their mobile apps. I don't remember what Premium adds but I've personally never needed it.

TFTV is fine. It uses one of the features of Cloudflare but not the one related to this attack, on top of having account details done through Steam anyways.

[quote=wolsne]LastPass is quite popular, but last I checked they still want to charge anually for "premium"[/quote]
I can vouch for LastPass; I haven't ever paid for it and it's been great. Does what you want, makes it easy to make new passwords and is synced with their mobile apps. I don't remember what Premium adds but I've personally never needed it.
15
#15
0 Frags +

im using keepass and i have no problems with sharing it between multiple devices manually.
i just dont really like that my passwords are stored in a cloud all the time, tho im sure that its just a feeling and theyre not really less safe in the cloud.
also i use a stripped version of my passwordlist on my phone with only the most important passwords that i actually need on my phone since im not really browsing that secure with it, which is one advantage of not sharing your full passwordlist via cloud i guess.
i just have 1 main file that i do changes to and then ill copy it over to the other devices whenever i actually happen to use an old password on one of them...

im using keepass and i have no problems with sharing it between multiple devices manually.
i just dont really like that my passwords are stored in a cloud all the time, tho im sure that its just a feeling and theyre not really less safe in the cloud.
also i use a stripped version of my passwordlist on my phone with only the most important passwords that i actually need on my phone since im not really browsing that secure with it, which is one advantage of not sharing your full passwordlist via cloud i guess.
i just have 1 main file that i do changes to and then ill copy it over to the other devices whenever i actually happen to use an old password on one of them...
Please sign in through STEAM to post a comment.