EH-Net

You can't help but wonder if EH.net will become a target in this new wave of attacks at some point.

Password change? I think so  ;D

I wonder too... that spam bot over the weekend maybe? ;)

But I'm not worried about having to change my password. This is the only place I use the password.

It has already been targeted by the hacktivist groups from time to time. Being a target doesn't mean it's unsafe. It's when there's a compromise of security, that you should change your password.

That's assuming the compromise is detected :)

True. But if it is not detected, then the attacker most likely has a backdoor, meaning that changing your password is pointless since he or she can just download the database, modify the encryption scheme, or backdoor the login function for that sake, so your password is sent in clear text to the attacker, and in this case HTTPS and HTTP does not matter at all, since the passwords can just be stored in a default looking file on the server. (The last attack has been seen before.)

If the compromise isn't detected, there's no remediation of the risk, caused by an "agent" and a vulnerability in other words.

I still change my passwords. It gives me the warm fuzzy. I know it's delusional but I tell myself that most of the time when a site is compromised they harvest the accounts and never re-query the user base with the assumption that the passwords are not changing unless a compromise is announced. That and I never re-use passwords. I could not function without password vaults.

EH-Net has been targeted in the past. Passwords have been compromised and posted online.

I would think it has been, Most black hats do not like the idea of white hats. It would give them more of a trill knowing that they have hacked into a white hat's site, leading them to believe they are better.