This might be the most disastrous data leak in the history of computing. MTGS sits behind CloudFlare, so any private data, particularly passwords, should be assumed compromised. Good password hygiene would is to not use a password for MTGS that you super-especially care about getting compromised, but people don't generally practice password hygiene.
We have been in contact with CloudFlare and so far there is no evidence that the security exploit was used or that our site is at risk. We will let you know if we were targeted, but of course it never hurts to take precautions just in case.
Instances like this are always a good reminder of "Hey, I should change my password since I haven't lately.."
That said, while the potential scope of what could have been leaked could be a lot, "only a very small number of requests led to leaked data". This, combined with how low on the totem pole our site would be to a black hat trying to find leaked data, we don't have much of anything to worry about here on mtgs.
What is recommended - for everyone - is to change your password to anything, anywhere, that you would deem sensitive - especially anything with financial data attached (bank login, anything attached to your 401k, etc). It's not always easy to tell what does and doesn't cross the cloudflare network, so you should be safe and just update your passwords across the board for anything that's sensitive/financial.
This might be the most disastrous data leak in the history of computing. MTGS sits behind CloudFlare, so any private data, particularly passwords, should be assumed compromised. Good password hygiene would is to not use a password for MTGS that you super-especially care about getting compromised, but people don't generally practice password hygiene.
Twitch channel
Misc. EDH Stuff: Commander Cube | Zombies (Horde)
Resources:Commander Rulings FAQ | Commander Deckbuilding Guide
Follow me on Twitter! @cryogen_mtg
That said, while the potential scope of what could have been leaked could be a lot, "only a very small number of requests led to leaked data". This, combined with how low on the totem pole our site would be to a black hat trying to find leaked data, we don't have much of anything to worry about here on mtgs.
What is recommended - for everyone - is to change your password to anything, anywhere, that you would deem sensitive - especially anything with financial data attached (bank login, anything attached to your 401k, etc). It's not always easy to tell what does and doesn't cross the cloudflare network, so you should be safe and just update your passwords across the board for anything that's sensitive/financial.
No longer staff here.