Forum URL: http://www.eyrie-productions.com/Forum/dcboard.cgi
Forum Name: eyrie.private-mail
Topic ID: 698
#0, Security issue (Cloudflare)
Posted by Terminus Est on Feb-24-17 at 05:48 AM
LAST EDITED ON Feb-24-17 AT 05:49 AM (EST)
 
Apparently there has been a massive security flaw discovered in Cloudflare, which affects every site that touches it. It's been recommended that all passwords and security questions be changed... pretty much everywhere, but especially places that house personal info like banks. Two-factor authentication (usually via mobile device, but some things (like MMOs) use physical security tokens) is being strongly recommended where available.

More info available here.

Edited to add: The Discord chat service is specifically mentioned. Dunno if anyone here uses it.


#1, RE: Security issue (Cloudflare)
Posted by Pasha on Feb-24-17 at 01:41 PM
In response to message #0
>Apparently there has been a massive security flaw discovered in
>Cloudflare, which affects every site that touches it. It's been
>recommended that all passwords and security questions be changed...
>pretty much everywhere, but especially places that house personal info
>like banks. Two-factor authentication (usually via mobile device, but
>some things (like MMOs) use physical security tokens) is being
>strongly recommended where available.
>
>More info available
>here.
>
>Edited to add: The Discord chat service is specifically mentioned.
>Dunno if anyone here uses it.

Authy is also a scary one. We've been "oh fuck fuck fuck" about this here at work since the news broke.

--
-Pasha
"Don't change the subject"
"Too slow, already did."


#2, RE: Security issue (Cloudflare)
Posted by MuninsFire on Feb-24-17 at 02:08 PM
In response to message #0
Yeah, this one's been a bit of a giggle for those of us in the infosec field. The nature of the issue is very similar to that 'Heartbleed' TLS issue from a couple years ago.

I'm going to have to redo a couple creds - DigitalOcean's front end was affected - but it looks like I got out of this fairly light.

Friend of mine noted that events like this are a great way for you to audit what stale accounts you might have lying around that you didn't realize were still active.