Worried about “Cloudbleed”? The LastPass Security Challenge now identifies top websites (affected sites that are in the top 10,000 Alexa ranking) that may be impacted by Cloudflare’s recent security bug. By highlighting impacted websites, LastPass will help you prioritize and update your passwords. Just launch the Security Challenge from the left panel in your LastPass vault, or launch the Security Challenge now to start securing your passwords:
What happened to Cloudflare?
Cloudflare, a service that optimizes the security and performance of over 5.5 million websites, warned customers last week that a bug may have exposed sensitive user information. Impacted data includes passwords, cookies, and tokens to authenticate users. See their blog post for more detailed information.
Do you need to worry?
The scale of the bug was enormous, thanks to how many websites Cloudflare supports, including major sites like Medium, Namecheap, and Change.org. However, Cloudflare has said that the actual impact of the bug itself is relatively minor, so the risk to any one piece of data is fairly low. While the bug is now fixed, data had been leaking since September 2016. Because some data had been cached by search engines over that period of time, sensitive information may remain exposed.
You can’t know for certain that your specific information was not leaked, so our security-conscious community will want to err on the side of caution. The best course of action is to use this as an opportunity to rotate all passwords that have been flagged as potentially vulnerable.
LastPass makes password changing easier
The LastPass Security Challenge now includes the top websites (affected sites that are in the top 10,000 Alexa ranking) affected by “Cloudbleed”. If you use two-factor authentication on impacted sites, we recommend revoking and re-adding two-factor authentication.
The Security Challenge identifies weak, reused, old, and potentially-vulnerable credentials in your vault. If any of the websites in your vault match the list of top sites affected by Cloudflare’s bug, it will now also be listed.
LastPass simplifies the password change process by helping you instantly generate a new, long, random password. Then it saves that password to your vault, and remembers it when you log in next time. If any of the passwords you need to change are shared with others, LastPass syncs the change automatically behind-the-scenes, so others have the latest passwords, too.
LastPass can even change many passwords for you with Auto-Password Change, a list of about one hundred websites where LastPass can automatically update the password for you in one click. Some of the affected Cloudflare sites may have the auto change option available, so be sure to take advantage of this feature.