Originally Posted by Currawong
I merged the threads. The servers are run by Huddler. The active admins have nothing to do with either the back-end (nor the management of sponsors btw.) so we can't answer that because we don't know.
However, while I have no doubt that Huddler are well aware of security issues, since large sites are often the target of intrusions where databases are stolen, I would follow the advice of numerous security professionals and simply NOT use the same password on any two sites. Even if passwords are one-way encrypted (like they are on your computer) it is easy to get enough computing power these days that 90% of them can be cracked through brute force (guessing billions of possible passwords). As such I recommend using 1Password (50% off I heard because of Heartbleed) or LastPass and having them generate 20-30 character random passwords for sites (or as long as is allowed by each site).
Thank you for responding to the concern. I think it's important for everyone to realize that changing passwords alone in no way guarantees your information is now safe from being compromised. All systems identified as being exposed to this vulnerability must first be patched, or reconfigured to mitigate the vulnerability. Only after those actions have been taken can one be assured that personal data passing through those systems are safe from being compromised by the Heartbleed bug.
Note the following warning from a recent Forbes article - http://www.forbes.com/sites/jameslyne/2014/04/10/avoiding-heartbleed-hype-what-to-do-to-stay-safe/
Internet providers and hosts:
You should be making a statement about when you’ve successfully patched and mitigated the issues. Proactive customer notification would be logical, but at least a banner on your site would help. Forcing customers to guess or test themselves is just negligent.
With that in mind, please request a formal statement from Huddler detailing what actions have been taken, or are being taken, and ask that they officially acknowledge when their systems are secure.
I look forward to an update from Huddler on the status of their systems. Thank you for taking action to keep Head-Fi a safe and secure community.