Cloudflare, one of the largest internet security companies, has announced that sensitive information and user data may have been exposed due to a massive memory leak. It is good security practice to change your passwords on a regular basis. To minimize any potential impact from this recent memory leak, we recommend changing the passwords to your UR NetId and Active Directory credentials and alternating other passwords between various sites.

What Should I Do to Protect Myself? Change Your Password!

To change your password for both your UR NetId and Active Directory credentials as soon as possible.

• To change your NetId or UR Active Directory credential, use the MyIdentity portal.
• To change your URMC Active Directory credential, use https://extranet.urmc.rochester.edu/changepass
• For tips and best practices, refer to https://tech.rochester.edu/security/passwords
• DO NOT use your UR credentials (NetID used to log into HRMS and/or your UR/URMC Active Directory used to log into the network and email) for non-UR sites.

Change your password for the services that have been affected: yelp.com, fitbit.com, uber.com. (A partial list of affected sites may be found at https://github.com/pirate/sites-using-cloudflare )

Further Reading

• Cloudflare’s response to the massive memory leak
• Cloudbleed: How to deal with it
• Partial list of affected sites

Quick Security Tip: Visit the University of Rochester Information Security Password page at https://tech.rochester.edu/security/passwords/ to learn how to create secure passwords.

If you have any questions concerning this vulnerability, contact your IT support staff at:

University IT Help Desk

Phone: (585) 275-2000

Email: UnivITHelp@ rochester.edu

Medical Center Help Desk

Phone: (585) 275-3200

Email: helpdesk_ISD@ urmc.rochester.edu